Badlock, a severe flaw affects every version of Windows and Samba

Pierluigi Paganini March 23, 2016

Developers from Microsoft and Samba Team are working on a security patch to fix a severe vulnerability dubbed Badlock.

Developers from Microsoft and Samba are working on a security patch to fix a severe vulnerability that affects almost every version of Windows and Samba.

Samba, which is present in nearly all Linux distributions, is a free software which implements the SMB/CIFS networking protocol to provide file and print services. Samba is also installed as a component of *BSD and OS X systems, it can integrate with Windows Active Directory and can act as a domain controller or as a domain member, Samba it popular because it allows a stable integration between Linux systems and Active Directory.

In 2015, Another Samba critical flaw was patched, it was a remote code execution vulnerability (CVE-2015-0240) that received a CVSS score of 10.

The flaw dubbed Badlock has been discovered by Stefan Metzmacher from SerNet firm which is also a member of the Samba Core Team.  Badlock is a critical vulnerability that Microsoft and Samba developers plan to fix in the next Patch Tuesday, on April 12, 2016.

The experts at SerNet have developed a website that will include all the information related to the Samba issue. The researchers are sure that the Badlock flaw will be exploited once they will publicly disclose its details.

Badlock was discovered by Stefan Metzmacher. He’s a member of the international Samba Core Teamand works at SerNet on Samba. He reported the bug to Microsoft and has been working closely with them to fix the problem.” is reported on the website.

badlock

“On April 12th, 2016 SerNet, the Samba Team and Microsoft will disclose a severe bug that affects almost all versions of Microsoft Windows and Samba. The bug is called “Badlock“. Due to the fundamental functions that are affected by the bug there will be no detailed information prior to the release of fixes by Microsoft and the Samba Team.” is reported in the official announcement published by SerNet.

“The coordinated efforts are meant to ensure a reasonable time to get the maximum number of systems repaired in short time,”

Some experts believe that the announcement made by SerNet could be very dangerous because hackers could start investigating the issue and discover it. According to SecurityWeek, the researcher David Litchfield has already discovered the issue too.

He posted the Tweets below that were later deleted

badlock tweet

Googling the term we can find an interesting post published by the Risk Based Security firm.

“The name Badlock is likely based on a file or resource locking mechanism within the SMB implementation, and the code that controls it. But that one file and one copyright from 10 years ago is not necessarily damning. Taking a quick look at the extensive source code of Samba, Stefan Metzmacher’s name appears in 463 files, with the copyright ranging from 2002 until 2014″ states the post.

Someone also speculated that Metzmacher, which is a renowned Samba expert, might have introduced the bug for profit or he has simply discovered and error he made in past coding on the project. Metzmacher signed 463 source code files of the Samba project, and it is likely that one of them includes the Badlock flaw.

Pierluigi Paganini

(Security Affairs –  Samba, Badlock)



you might also like

leave a comment