Posted on 04/13/2016 2:06:43 PM PDT by Mannaggia l'America
Microsoft and the Samba project fixed a vulnerability in their implementation of the SMB/CIFS protocol after the flaw was initially announced three weeks ago under the name Badlock.
The vulnerability, covered by Microsoft in its MS16-047 security bulletin published Tuesday, was also fixed in Samba 4.4.2, 4.3.8 and 4.2.11. It could allow a man-in-the-middle attacker to impersonate an authenticated user and execute arbitrary network calls to the server, possibly with administrative privileges.
Badlock's existence was announced on March 22 by a company called SerNet, which offers Samba consulting, support and development services. It employs the person who found the flaw: a Samba development team member named Stefan Metzmacher.
SerNet was criticized by some members of the security community at the time because it created a special name, logo and website for the vulnerability and revealed its existence three weeks before the patch, giving hackers ample time to find it on their own, even in the absence of technical details.
The company argued that the vulnerability was severe enough to warrant this approach, which is debatable now that the flaw's details are out and it appears to be less serious than most people expected.
(Excerpt) Read more at computerworld.com ...
I could tell by the way the details (or lack thereof) were released. Irresponsibly, without giving time for affected parties to release a patch, and with bluster, with the "bug" being given its own logo, name, and web site, created by the person who "discovered" it...
All for his attempt at 15 minutes of Internet fame...