Now that the badlock bug and fixes are available, it is too much for some companies

Andrew Bartlett abartlet at samba.org
Thu Apr 14 09:54:48 UTC 2016


On Thu, 2016-04-14 at 02:42 -0700, Richard Sharpe wrote:
> On Wed, Apr 13, 2016 at 11:58 PM, Andrew Bartlett <abartlet at samba.org> wrote:
> > On Wed, 2016-04-13 at 11:52 -0700, Richard Sharpe wrote:
> > 
> > > 
> > > I am suggesting it as an interim solution that mitigates the risk
> > > while we get the complete solution through the organization because
> > > QA is going to require a long testing cycle because of the amount of
> > > code change that it involves.
> > > 
> > 
> > Do you enforce SMB signing in your product?  If not, MITM attacks
> > against SMB (and so ncacn_np) are much easier to do than exploiting
> > this issue.  The reason the release came with so many other fixes is
> > that only with them all fixed and signing required on all protocols
> > does it make sense.
> 
> We do what the client asks for in that regard. With SMB2 don't clients
> drop the connection if they ask for signing and the server refuses to
> use it?

It all comes down to what the weakest protocol you offer permits.  Will
the client still connect if the server is presenting as SMB1 (only)?
(Likely yes).  Will the client wish to negotiate signing off (likely
yes).  In either of those cases, that is your bigger issue, not
badlock.

Badlock mattered because SMB signing was presumed to be on for the AD
DC (and for Microsoft, was required).  Our list was longer because we
didn't get that right either.

I hope this helps.  I know this area is complex.

Andrew Bartlett
-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba
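
An added example, not part of the thread or of Samba's code: a small auditor that reads the `[global]` section of an smb.conf and reports the two conditions the reply above names, SMB1 still being offered and signing not being required. The sample configurations are constructed, and treating an unset parameter as a finding is an assumption made here because the built-in defaults depend on Samba version and server role.

```python
# Constructed sample configurations (not taken from the thread).
WEAK_CONF = """
[global]
    workgroup = EXAMPLE
    server min protocol = NT1
    server signing = auto
"""
HARDENED_CONF = """
[global]
    workgroup = EXAMPLE
    Server Min Protocol = SMB2
    server signing = mandatory
"""

# Values treated here as "signing required" (a simplified set).
ENFORCED = {"mandatory", "required"}


def global_params(text):
    """Collect [global] parameters; names are compared the way smb.conf
    treats them, case-insensitively and ignoring spaces."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[name.replace(" ", "").lower()] = value.strip().lower()
    return params


def audit(text):
    """Return findings for the weakest protocol and signing policy offered."""
    p, findings = global_params(text), []
    # "min protocol" is the older synonym of "server min protocol".
    min_proto = p.get("serverminprotocol", p.get("minprotocol"))
    if min_proto is None:
        findings.append("server min protocol unset: SMB1 may still be offered")
    elif not min_proto.startswith(("smb2", "smb3")):
        findings.append(f"server min protocol = {min_proto}: SMB1 or older is offered")
    signing = p.get("serversigning")
    if signing not in ENFORCED:
        findings.append(f"server signing = {signing or 'unset'}: signing is not required")
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf) or "no findings")
```

The check covers only what the server's own configuration permits; it does not read include files or per-share overrides.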





