Now that the badlock bug and fixes are available, it is too much for some companies
abartlet at samba.org
Thu Apr 14 06:58:54 UTC 2016
On Wed, 2016-04-13 at 11:52 -0700, Richard Sharpe wrote:
> I am suggesting it as an interim solution that mitigates the risk
> while we get the complete solution through the organization because
> is going to require a long testing cycle because of the amount of
> change that it involves.
Do you enforce SMB signing in your product? If not, MITM attacks
against SMB (and so ncacn_np) are much easier to do than exploiting
this issue. The reason the release came with so many other fixes is
that only with them all fixed and signing required on all protocols doe
s it make sense.
The rest is a pile of correctness stuff that is worthwhile, but put
another way, if the front door is unlocked, checking the deadbolt on
the patio isn't much help.
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical