Security Update:Samba Released Security Updates to Address Badlock Vulnerability in Windows and Samba
Date and Time
Samba Windows and Unix-like Operating System Users
The Samba Team has released security updates that address vulnerabilities, collectively known as Badlock, affecting both Windows operating systems and Samba in UNIX-like platforms.
Advanced Users: For a complete description of the security enhancements and affected software refer to Samba 4.4.2, 4.3.8 and 4.2.11 Security Releases Available for Download at https://www.samba.org/samba/latest_news.html#4.4.2
- 4.2.0 - 4.2.9
- 4.3.0 - 4.3.6
(Earlier versions have not been assessed)
WHAT'S THE PROBLEM?
"Samba is an Open Source/Free Software suite that provides seamless file and print services to SMB/CIFS clients." Samba is freely available, unlike other SMB/CIFS implementations, and allows for interoperability between Linux/Unix servers and Windows-based clients.
Exploitation of these vulnerabilities may allow a remote attacker to take control of an affected system or cause a Denial of Service.
HOW DO I PROTECT MY COMPUTER?
Users and administrators are encouraged to review the Security Advisories and apply the necessary updates:
- Samba 4.4.2, 4.3.8 and 4.2.11 Security Releases Available for Download at https://www.samba.org/samba/latest_news.html#4.4.2
- Vulnerability Note VU#813296 - Microsoft Windows and Samba may allow spoofing of authenticated users ("Badlock") - http://www.kb.cert.org/vuls/id/813296