What is the 'Badlock Bug'?

A user in the Ask Ubuntu General Room posted a link to Badlock. After some googling around, all I can find is that it is a mysterious security bug that uses the same website template as Heartbleed.

I manage Linux servers, and a mysterious security bug does not sit well with me. What exactly is it, and how can I protect my servers from it?


Solution 1:

What is Badlock?

Badlock is a bug that affects Windows and Samba.

What can hackers do with this security bug?

Two things:

  • Man-in-the-middle (MITM) attacks:

  • Denial-of-Service (DoS) attacks:

The Badlock CVE is: CVE-2016-2118. There are additional CVEs related to Badlock. Those are:

  • CVE-2015-5370 (Multiple errors in DCE-RPC code)
  • CVE-2016-2110 (Man in the middle attacks possible with NTLMSSP)
  • CVE-2016-2111 (NETLOGON Spoofing Vulnerability)
  • CVE-2016-2112 (LDAP client and server don't enforce integrity)
  • CVE-2016-2113 (Missing TLS certificate validation)
  • CVE-2016-2114 ("server signing = mandatory" not enforced)
  • CVE-2016-2115 (SMB IPC traffic is not integrity protected)

Which versions of Samba are affected?

  • 3.6.x
  • 4.0.x
  • 4.1.x
  • 4.2.0-4.2.9
  • 4.3.0-4.3.6
  • 4.4.0

Fix:

Download the patches for your version of Samba here:

  • https://www.samba.org/samba/history/security.html

How bad is Badlock?

The severity of Badlock according to the Common Vulnerability Scoring System (CVSS):

CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Base: 7.1 (High); Temporal: 6.4 (Medium)

Notes:

With the release of Samba 4.4.0 on March 22nd, the 4.1 release branch has been marked DISCONTINUED (see Samba Release Planning).


Further Reading:

  • Bad Luck Over The Upcoming Badlock Vulnerability?

  • WIRED, Hype Around the Mysterious 'Badlock' Bug Raises Criticism

Official Badlock website:

  • Badlock Bug

Links:

  • GitHub: samba-team/samba:
    • Official GitHub mirror of https://git.samba.org/samba.git
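
As an added example (not part of the answer above and not Samba project code), this shell sketch classifies an upstream Samba version string against the affected ranges listed in that answer and checks the local `smbd`. The function names and the `not-listed` label are hypothetical. Distribution packages backport security fixes without changing the upstream number, so an `affected` result on a packaged install means you should check the distribution's security notice, not that the host is necessarily unpatched.

```shell
#!/bin/sh
# Ranges come from the answer above: 3.6.x, 4.0.x, 4.1.x,
# 4.2.0-4.2.9, 4.3.0-4.3.6, 4.4.0. Function names are hypothetical.

# badlock_status VERSION -> prints "affected", "not-listed" or "unknown"
badlock_status() {
    # Keep only the leading MAJOR.MINOR.PATCH; drops suffixes like "-Ubuntu".
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    [ -n "$ver" ] || { echo unknown; return 0; }
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    case "$major.$minor" in
        3.6|4.0|4.1) echo affected ;;
        4.2) if [ "$patch" -le 9 ]; then echo affected; else echo not-listed; fi ;;
        4.3) if [ "$patch" -le 6 ]; then echo affected; else echo not-listed; fi ;;
        4.4) if [ "$patch" -eq 0 ]; then echo affected; else echo not-listed; fi ;;
        *)   echo not-listed ;;   # outside the ranges the answer lists
    esac
}

# check_local: classify whatever smbd is installed on this host.
check_local() {
    command -v smbd >/dev/null 2>&1 || { echo "smbd not installed"; return 0; }
    # smbd --version prints a line such as "Version 4.3.11-Ubuntu".
    raw=$(smbd --version 2>/dev/null | sed 's/^Version //')
    echo "smbd $raw: $(badlock_status "$raw")"
}

check_local
```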

Solution 2:

See here for the Ubuntu security update packages:

https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1569497

Took a little while to get published, but a hell of a lot easier than patching 3.6.3 up to 3.6.25 and applying the official patches on top of that.

NB: I tried to build 3.6.25 from source on precise and failed. YMMV.