So, it turns out that the “Badlock” Samba exploit wasn’t quite as bad as it was originally cracked up to be. If you haven’t heard of Badlock, you’re not alone. It made the rounds in Internet security circles, but wasn’t widely publicized because it is a fairly specific, narrow threat, unlike some of the other broad spectrum security flaws we’ve seen in recent months.
Specifically, this is an exploit that allows a hacker to conduct a man-in-the-middle attack, spoof the identity of an authenticated user, and make network calls to the server, potentially with admin privileges. Because this exploit is limited to the SMB/CIFS protocols, however, and because it requires a hacker to be in the right place at just the right time in order to use it, it was ultimately deemed important but non-critical.
SerNet, the company that originally published its findings on the exploit, initially made a big deal about it, and was criticized by some members of the Internet security community for doing so, because on closer analysis the problem just isn’t a critical one.
That’s not to say it’s unimportant, but compared to some of the higher-profile exploits we’ve seen over the last 18 to 24 months (Heartbleed, for example), which impacted millions of servers the world over, Badlock’s threat level and potential impact just aren’t in the same ballpark.
Nonetheless, a patch has already been developed and released to address this exploit, and you should absolutely apply it.
Note that the exploit affects all versions of Samba from 3.6.x to 4.4.0, although some of the older versions are no longer receiving patch support, so if you’re using Samba 4.2 or older, you’ll want to upgrade and then patch your system.
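As an added check that is not part of the original post, here is a small POSIX shell helper that classifies an installed Samba version string against the range given above (3.6.x through 4.4.0) and the note that 4.2 or older no longer receives patches. The version boundaries come from the text; the function names, the output labels, and the choice of 4.3.0 as the first branch treated as still patchable are this example’s own assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): classify a Samba version
# against the Badlock range the post describes. Boundaries 3.6.0 and 4.4.0
# are taken from the text; treating 4.3.0 as the first still-patched branch
# follows the post's "4.2 or older must upgrade" note. All names are ours.

# Reduce "Version 4.4.0", "4.3.8-Ubuntu", or "4.2.14" to a single integer
# (major*1000000 + minor*1000 + patch) so versions compare numerically.
samba_version_key() {
    v=$(printf '%s' "$1" | sed 's/^[^0-9]*//; s/[^0-9.].*$//')
    maj=$(printf '%s' "$v" | cut -d. -f1)
    min=$(printf '%s' "$v" | cut -d. -f2)
    pat=$(printf '%s' "$v" | cut -d. -f3)
    echo $(( ${maj:-0} * 1000000 + ${min:-0} * 1000 + ${pat:-0} ))
}

# Prints one of:
#   unsupported-upgrade : 3.6.x .. 4.2.x, in the affected range but no longer
#                         receiving patches, so upgrade first and then patch
#   affected-patch      : 4.3.x .. 4.4.0, in the affected range and patchable
#   not-affected        : outside the range the post states
badlock_status() {
    key=$(samba_version_key "$1")
    lo=$(samba_version_key 3.6.0)
    first_patched=$(samba_version_key 4.3.0)   # assumption, see header comment
    hi=$(samba_version_key 4.4.0)
    if [ "$key" -lt "$lo" ] || [ "$key" -gt "$hi" ]; then
        echo not-affected
    elif [ "$key" -lt "$first_patched" ]; then
        echo unsupported-upgrade
    else
        echo affected-patch
    fi
}

# Typical use on a server, where smbd -V prints "Version x.y.z":
#   badlock_status "$(smbd -V)"
```

The leading-text and suffix stripping is what lets the helper accept the raw output of `smbd -V` as well as distro-tagged package versions; anything it cannot parse collapses to 0 and is reported as not-affected, so treat an unexpected result as a prompt to read the version by hand rather than as a clean bill of health.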
If you’re struggling to keep pace with all the latest security threats, you’re not alone. The good news though, is that we can help. Contact us today and a member of our team will be happy to help review your current system and assess where your security could use shoring up!