Now that the badlock bug and fixes are available, it is too much for some companies

Uri Simchoni uri at samba.org
Thu Apr 14 07:18:14 UTC 2016


On 04/14/2016 09:58 AM, Andrew Bartlett wrote:
> On Wed, 2016-04-13 at 11:52 -0700, Richard Sharpe wrote:
> 
>>
>> I am suggesting it as an interim solution that mitigates the risk
>> while we get the complete solution through the organization because QA
>> is going to require a long testing cycle because of the amount of code
>> change that it involves.
>>
> 
> Do you enforce SMB signing in your product?  If not, MITM attacks
> against SMB (and so ncacn_np) are much easier to do than exploiting
> this issue.  The reason the release came with so many other fixes is
> that only with them all fixed and signing required on all protocols
> does it make sense.
> 
> The rest is a pile of correctness stuff that is worthwhile, but put
> another way, if the front door is unlocked, checking the deadbolt on
> the patio isn't much help.
> 
> Andrew Bartlett
> 
... But even without SMB signing, the SAMR pipe usually has (and after
the patch - always has?) its own integrity/confidentiality provided by
RPC, doesn't it? I mean, if I try to change the password of a local user
on an SMB server, everything is encrypted (and the way I understood
badlock, an MITM could prevent this encryption, and without SMB signing
as an additional security measure, hijack the connection and configure
local users at will).

Uri


