Jump to content

Badlock Vulnerability Falls Flat Against Its Hype


Recommended Posts

There were actually folks freaking out over a relatively mild vulnerability.




"Weeks of anxiety and concern over the Badlock vulnerability ended today with an anticlimactic thud.


Badlock was the security boogeyman since the appearance three weeks ago of a website and logo branding the bug as something serious in Samba, an open source implementation of the server message block (SMB) protocol that provides file and print services for Windows clients.


As it turns out, Badlock was hardly the remote code execution monster many anticipated. Instead, it’s a man-in-the-middle and denial-of-service bug, allowing an attacker to elevate privileges or crash a Windows machine running Samba services.


SerNet, a German consultancy behind the discovery of Badlock, fueled the hype at the outset with a number of since-deleted tweets that said any marketing boost as a result of its branding and private disclosure of the bug to Microsoft was a bonus for its business.

For its part, Microsoft refused to join the hype machine and today in MS16-047 issued a security update it rated “Important” for the Windows Security Account Manager (SAM) and Local Security Authority (Domain Policy) (LSAD). The bulletin patches one vulnerability (CVE-2016-0128), an elevation of privilege bug in both SAM and LSAD that could be exploited in a man-in-the-middle attack, forcing a downgrade of the authentication level of both channels, Microsoft said. An attacker could then impersonate an authenticated user.


The bug, meanwhile, has not been publicly exploited according to Microsoft and SerNet, despite attackers having a three-week headstart.


“It may be possible since we already have several PoC (none of them will be released in the near future),” the badlock.org advisory said.


Red Hat security strategist Josh Bressers said Badlock could have been much worse, especially if it had turned out to be a memory corruption issue in SMB as some had surmised. Such a scenario would have cleared a path for remote code execution, for example.

“Badlock is one more potentially dangerous exploit that was identified and addressed by the open source community before it caused significant damage to the broader connected world,” he said.


The Samba team said there are a number of mitigations that can be used until patches are applied, including DHCP snooping and ARP inspection to counter man-in-the-middle attacks, and firewall rules permitting connectivity only from trusted addresses could prevent denial-of-service attacks.


Badlock, meanwhile, threatens to take focus away from the remainder of today’s Microsoft security bulletins, six of which were rated critical by Microsoft.


“For many people, the Badlock hype was just that, a lot of hype,” said Andrew Storms, vice president of security services at New Context. “Security teams should patch immediately, but also put it in perspective with all of the patches that Microsoft released today. For example, patching a remote code execution bug in Internet Explorer may be more important to your organization than the over-hyped Badlock.”


Representatives of SerNet and Samba did not return requests for comment. The security community, however, in short order took to Twitter with a tidal wave of cynical reaction to the Badlock hype."


The full article with lots more info, hot links, and administrator/Linux/Server info is here: https://threatpost.com/badlock-vulnerability-falls-flat-against-its-hype/117349/

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

RVers Online University


Our program provides accurate individual wheel weights for your RV, toad, and tow vehicle, and will help you trim the pounds if you need to.

RV Cable Grip

RV Cable Grip

All the water you need...No matter where you go

Country Thunder Iowa

Nomad Internet

Rv Share

Dish For My RV.

RV Air.

Find out more or sign up for Escapees RV'ers Bootcamp.

Advertise your product or service here.

The Rvers- Now Streaming

RVTravel.com Logo

  • Create New...