Security Update: Samba Released Security Updates to Address Badlock Vulnerability in Windows and Samba
Status Type
Private
Date and Time
Reason
Security Update
Impact
Samba Windows and Unix-like Operating System Users
WHAT HAPPENED?
The Samba Team has released security updates that address vulnerabilities, collectively known as Badlock, affecting both Windows operating systems and Samba on UNIX-like platforms.
Advanced Users: For a complete description of the security enhancements and affected software, refer to Samba 4.4.2, 4.3.8 and 4.2.11 Security Releases Available for Download at https://www.samba.org/samba/latest_news.html#4.4.2 [1]
AFFECTED SYSTEMS:
Samba:
- 3.6.x
- 4.0.x
- 4.1.x
- 4.2.0 - 4.2.9
- 4.3.0 - 4.3.6
- 4.4.0
(Earlier versions have not been assessed)
WHAT'S THE PROBLEM?
"Samba is an Open Source/Free Software suite that provides seamless file and print services to SMB/CIFS clients." Samba is freely available, unlike other SMB/CIFS implementations, and allows for interoperability between Linux/Unix servers and Windows-based clients.
Exploitation of these vulnerabilities may allow a remote attacker to take control of an affected system or cause a Denial of Service.
HOW DO I PROTECT MY COMPUTER?
Users and administrators are encouraged to review the Security Advisories and apply the necessary updates:
- Samba 4.4.2, 4.3.8 and 4.2.11 Security Releases Available for Download at https://www.samba.org/samba/latest_news.html#4.4.2 [1]
- Vulnerability Note VU#813296 - Microsoft Windows and Samba may allow spoofing of authenticated users ("Badlock") - http://www.kb.cert.org/vuls/id/813296 [2]
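An added example (not part of the original advisory and not Samba's own tooling): a shell function that classifies a Samba version string against the affected ranges and fixed releases listed above. The function names and result labels are assumptions made for this illustration; versions the advisory does not list, such as 4.2.10 or anything earlier than 3.6, are reported as `unlisted` rather than guessed.

```shell
#!/bin/sh
# Added example: classify a Samba version string against this advisory.
# Prints one of: affected | fixed | unlisted | unparsed
# Usage on a host (smbd must be installed):
#   classify_samba_version "$(smbd --version)"

# range_check PATCH LAST_AFFECTED FIRST_FIXED  (hypothetical helper)
range_check() {
    if [ "$1" -le "$2" ]; then
        echo affected
    elif [ "$1" -ge "$3" ]; then
        echo fixed        # at or above the fixed release named in the advisory
    else
        echo unlisted     # e.g. 4.2.10: not in the affected range, not a named fix
    fi
}

classify_samba_version() {
    # Keep only the leading MAJOR.MINOR.PATCH; this drops a "Version " prefix
    # and vendor suffixes such as "-Ubuntu" or "-Debian".
    v=$(printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    [ -n "$v" ] || { echo unparsed; return 0; }

    major=${v%%.*}
    rest=${v#*.}
    minor=${rest%%.*}
    patch=${rest#*.}

    case "$major.$minor" in
        3.6|4.0|4.1) echo affected ;;            # whole series listed as affected
        4.2) range_check "$patch" 9 11 ;;        # 4.2.0 - 4.2.9, fixed in 4.2.11
        4.3) range_check "$patch" 6 8 ;;         # 4.3.0 - 4.3.6, fixed in 4.3.8
        4.4) range_check "$patch" 0 2 ;;         # 4.4.0, fixed in 4.4.2
        *)   echo unlisted ;;                    # not assessed by this advisory
    esac
}
```

Distribution packages often carry backported fixes without changing the upstream version number, so treat an `affected` result as a prompt to check the vendor's advisory for that package.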
RELATED LINKS
- Badlock Bug - http://badlock.org/ [3]
- IT Security - http://it.ucsf.edu/security [4]