[BBLISA] Fwd: [SECURITY] "Badlock" SMB vulnerability to be patched April 12

[Rob Taylor]

FYI, this doesn't sound good.... :-(

rgt

Whitehead Network/System Administrator

----- Forwarded Message -----
From: "Rob Taylor" <rgt at wi.mit.edu>
To: "Unix Support" <unix at wi.mit.edu>
Cc: "Doozers" <desktopstaff at wi.mit.edu>
Sent: Friday, March 25, 2016 12:43:39 PM
Subject: Fwd: [SECURITY] "Badlock" SMB vulnerability to be patched April 12

FYI, this doesn't sound good.... :-(

rgt

Whitehead Network/System Administrator

----- Forwarded Message -----
From: "Alex Keller" <axkeller at STANFORD.EDU>
To: SECURITY at LISTSERV.EDUCAUSE.EDU
Sent: Friday, March 25, 2016 4:05:45 AM
Subject: [SECURITY] "Badlock" SMB vulnerability to be patched April 12

Discovered by Stefan Metzmacher of the Samba core team, he advises "Please get yourself ready to patch all systems on this day. We are pretty sure that there will be exploits soon after we publish all relevant information". Stefan's colleague Johannes Loxen tweets "#badlock means admin accounts for everybody on the same LAN". Vulnerability apparently affects SMB implementation in both Samba and Windows. Researcher David Litchfield speculates "Due to the name 'Badlock,' I'm guessing controllable memory write after file handle invalidated on broken lock over CIFS".

Scant details:
http://www.theregister.co.uk/2016/03/22/badlock_bug
https://isc.sans.edu/diary/Getting+Ready+for+Badlock/20877

Heartbleed style disclosure site and logo:
http://badlock.org

Kaminsky weighs in on the hype:
http://www.wired.com/2016/03/hype-around-mysterious-badlock-bug-raises-criticism/

Courtesy of SANS handler on duty Johannes Ullrich, Stefan Metzmacher includes a curious comment in Samba's lock.c: 
/* this is quite bizarre - the spec says we must lie about the length! */ 
https://github.com/ccrisan/samba/blob/master/source4/libcli/smb2/lock.c

...hat tip to Tomáš F. for the heads-up.


Alex Keller
Stanford | Engineering
Information Technology
axkeller at stanford.edu
(650)736-6421