Thanks to rarestia for the ping!!
Posted on 03/23/2016 5:58:26 AM PDT by rarestia
April 12 – save the date if you're a Windows or Samba file server administrator.
Stefan Metzmacher, a Samba core developer, has discovered what sounds like a pretty bad security bug, and he says it will be patched on that day next month.
The vulnerability already has everything it needs to make a big splash: a name, Badlock; a website, and a logo. Here's what we know from the site:
On April 12th, 2016 a crucial security bug in Windows and Samba will be disclosed. We call it: Badlock. Engineers at Microsoft and the Samba Team are working together to get this problem fixed. Patches will be released on April 12th.
Admins and all of you responsible for Windows or Samba server infrastructure: Mark the date. (Again: It's April 12th, 2016.) Please get yourself ready to patch all systems on this day. We are pretty sure that there will be exploits soon after we publish all relevant information.
Metzmacher also works at SerNet, a German IT systems integrator, which has blogged about the upcoming disclosure.
It sounds like a flaw in the SMB protocol, which Windows and open-source Samba both implement to share files between computers over a network. Samba can be used on Linux, BSD, OS X and other Unixy-flavored systems to interact with Microsoft-powered machines.
It's possible Redmond and the Samba team separately made the same exploitable implementation error. However, Badlock is more likely some sort of design flaw in the protocol that can be exploited by hackers to do terrible things on various platforms.
Do bear in mind, though, that this is a protocol mostly used on internal networks, and thus Badlock will probably hit organizations rather than normal people at home.
Speculation over the bug is rife on Twitter. "Due to the name 'Badlock,' I'm guessing controllable memory write after file handle invalidated on broken lock over CIFS," said security researcher David Litchfield.
On the one hand, this sort of heads up is appreciated, especially if the security blunder turns out to be easy to exploit. It'll give people time to prepare to roll out updates for their file servers. But if this Badlock bug isn’t really all that massive then Metzmacher et al risk being seen as the little tykes who cried wolf.
We've pinged Metzmacher and Microsoft for more information and will update this story if we have any more details.
Ping to the list!
Ping to the Apple list
Ping to the list
“he says it will be patched on that day next month.”
So what the hysteria for?
Company behind the Badlock disclosure says pre-patch hype is good for business
Prepare to patch a critical flaw in Windows and Samba file sharing in 3 weeks
The patch will be available. That doesn’t mean it’s miraculously fixed.
Samba/SMB is how files are shared in Linux/Apple/Windows environments. A flaw in that functionality means every last platform is susceptible.
Word is that a successful exploit means that they have admin rights in the entire environment. For a flat network, that’s exceptionally bad.
Some people crave their 15 minutes of fame.
“Clear April 12: Windows, Samba to splat curious ‘crucial’ Badlock bug”
Translation please?
Thanks to rarestia for the ping!!
That's an ignorant remark. Network security should be more about prevention than disaster recovery.
Is a soldier standing guard outside a barracks, watching and carefully reacting to perceived danger, "craving his 15 minutes of fame"?
You might learn something about network administration and perhaps you won't sound so foolish.
Sounds like great timing, just before tax deadline!
Given current world events you might not want to cause panic for no good reason.
And this was originally posted to Breaking News.
CIFS (Common Internet File System) is the backbone to file services across most modern operating platforms (e.g. Windows, Linux, Apple). Windows uses SMB (Server Message Block) for CIFS, Linux and Apple use Samba to connect to Windows-based storage/shares.
Any vulnerability in Samba means the ability to transfer files securely or to parse ACLs (Access Control Lists) on file systems is at risk. This particular vulnerability is supposed to allow the attacker to take full administrative control of an enterprise through the Samba vulnerability, but details are not available yet.
For anyone who administers a network environment or file system, this is need-to-know and belongs in breaking news. This was announced late yesterday. Not sure anything else could qualify more for “breaking news” than this.
So Apple computers are vulnerable to hacking?
Oy.
That’s unclear at this time. If it’s a Samba vulnerability, it means that Apple and Linux machines are potentially vulnerable. I’m sure Apple will have updates out that day.
Releasing this info now has nothing to do with "prevention". You can't "prevent" it because no details about the problem have been released - unless of course you want to shut down SMB entirely until April 12, which I would guess that most businesses could not feasibly do.
My view is that *sometimes* these early hyped releases of "danger" without any details are to get the discoverer's name, or security consulting company's name, in the press, and hence their resume or marketing material.
Is a soldier standing guard outside a barracks, watching and carefully reacting to perceived danger, "craving his 15 minutes of fame"?
No. And he's not creating a web site and issuing press releases saying that "I, Private John Smith, guard of the barracks, heard a noise, and I'll take care of it in about an hour".
You might learn something about network administration and perhaps you won't sound so foolish.
Sorry dude, don't tell me what I need to learn. I wouldn't be running my 20+ year old software company if I needed to "learn" what I see going on with these things. Releasing that tidbit of information gives network administrators nothing to go on to prevent anything, but may give hackers enough information to pull up the Samba source code and scrutinize the "lock" code and come up with an exploit. And it gets this guy's name in the media. Otherwise, why do it 3 weeks out from an update being available?
The issue with what he found has apparently been in the SMB protocol or its implementations for quite some time. No one has found it or exploited it yet. But an update is coming in 3 weeks - so why not keep it to himself until closer to that time? If an exploit shows up before then, I blame him.
And why should we take his word for it that it is so egregious that every network admin needs to bring their world to a halt? We don't know who this guy is and what is credibility is. Sorry, disagree with what he did.
Yesterday I called the person who has helped me with computers since he is in the business and I have had good luck with his suggestions and work in the past.
Bottom line - He is going to upgrade me from Win 7 to Win 10 in May.
He told me another update to Win 10 would be made in April and to wait until it was out, and then he would come over and update my computer.
I wonder if that delay in upgrading me, has to do with this bug and /or some others Microsoft is working on? -tom
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.