The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Windows, Samba: code execution via Badlock

Synthesis of the vulnerability 

An attacker can use the Badlock vulnerability of Windows or Samba, in order to run code.
Vulnerable software: ProxySG by Blue Coat, SGOS by Blue Coat, Debian, BIG-IP Hardware, TMOS, Fedora, HP-UX, Db2 UDB, QRadar SIEM, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista, Data ONTAP 7-Mode, openSUSE, openSUSE Leap, Solaris, Pulse Connect Secure, RHEL, Samba, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Ubuntu.
Severity of this announcement: 3/4.
Number of vulnerabilities in this bulletin: 9.
Creation date: 23/03/2016.
Revision date: 12/04/2016.
References of this computer vulnerability: 1986595, 1987766, 3148527, 9010080, bulletinjan2016, bulletinoct2016, c05162399, CVE-2015-5370, CVE-2016-0128, CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, CVE-2016-2115, CVE-2016-2118, DLA-509-1, DSA-3548-1, DSA-3548-2, DSA-3548-3, FEDORA-2016-48b3761baa, FEDORA-2016-be53260726, HPSBUX03616, MS16-047, NTAP-20160412-0001, openSUSE-SU-2016:1025-1, openSUSE-SU-2016:1064-1, openSUSE-SU-2016:1106-1, openSUSE-SU-2016:1107-1, openSUSE-SU-2016:1108-1, openSUSE-SU-2016:1440-1, RHSA-2016:0611-01, RHSA-2016:0612-01, RHSA-2016:0613-01, RHSA-2016:0618-01, RHSA-2016:0619-01, RHSA-2016:0620-01, RHSA-2016:0621-01, RHSA-2016:0623-01, RHSA-2016:0624-01, RHSA-2016:0625-01, SA122, SA40196, SOL37603172, SOL53313971, SSA:2016-106-02, SSRT110128, SUSE-SU-2016:1022-1, SUSE-SU-2016:1023-1, SUSE-SU-2016:1024-1, SUSE-SU-2016:1028-1, SUSE-SU-2016:1105-1, USN-2950-1, USN-2950-2, USN-2950-3, USN-2950-4, USN-2950-5, VIGILANCE-VUL-19207, VU#813296.

Description of the vulnerability 

The Windows and Samba products implement authentication for CIFS.

However, several vulnerabilities in these implementations can be used by a Man-in-the-Middle, or to weaken the protocol.

An attacker can therefore use the Badlock vulnerability of Windows or Samba, in order to run code.

This vulnerability impacts software or systems such as ProxySG by Blue Coat, SGOS by Blue Coat, Debian, BIG-IP Hardware, TMOS, Fedora, HP-UX, Db2 UDB, QRadar SIEM, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista, Data ONTAP 7-Mode, openSUSE, openSUSE Leap, Solaris, Pulse Connect Secure, RHEL, Samba, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Ubuntu.

Our Vigil@nce team determined that the severity of this security announcement is important.

The trust level is "confirmed by the vendor", and the attack origin is "intranet client".

This bulletin is about 9 vulnerabilities.

An attacker with expert ability can exploit this computer vulnerability.

Solutions for this threat 

Windows: patch for Badlock.
A patch is indicated in information sources.

Samba: version 4.4.2.
The version 4.4.2 is fixed:
  https://download.samba.org/pub/samba/stable/

Samba: version 4.3.8.
The version 4.3.8 is fixed:
  https://download.samba.org/pub/samba/stable/

Samba: version 4.2.11.
The version 4.2.11 is fixed:
  https://download.samba.org/pub/samba/stable/
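
Added example (not part of the Vigil@nce bulletin or of Samba): a Python check that compares a Samba version banner with the three fixed upstream releases listed above. The function name classify and the sample banners are constructed; distribution builds numbered below the upstream fix are reported separately, because the package entries in this bulletin show vendors shipping fixes under older version numbers.

```python
import re

# Fixed upstream releases per branch, as listed in this bulletin.
FIXED = {(4, 4): (4, 4, 2), (4, 3): (4, 3, 8), (4, 2): (4, 2, 11)}

# major.minor.patch, optionally followed by a vendor suffix ("-..." or "+...").
_BANNER = re.compile(r"(\d+)\.(\d+)\.(\d+)([-+]\S*)?")


def classify(banner: str) -> str:
    """Classify a Samba version banner against the bulletin's upstream fixes.

    Returns "fixed", "vulnerable", "vendor-build" or "unknown".
    """
    m = _BANNER.search(banner)
    if not m:
        return "unknown"
    version = tuple(int(x) for x in m.group(1, 2, 3))
    fixed = FIXED.get(version[:2])
    if fixed is None:
        # Branch has no upstream entry in this bulletin (e.g. 3.x):
        # the vendor package lists decide, not this comparison.
        return "unknown"
    if version >= fixed:
        return "fixed"
    # Distribution builds backport fixes without bumping the upstream
    # number (the bulletin lists RHEL 7 samba 4.2.10-6.el7_2 as fixed),
    # so a lower number with a vendor suffix needs a package-level check.
    if m.group(4):
        return "vendor-build"
    return "vulnerable"


if __name__ == "__main__":
    # Constructed sample banners, in the style of `smbd --version` output
    # and of package version strings.
    samples = [
        "Version 4.4.2",
        "Version 4.3.6",
        "Version 4.3.8-Ubuntu",
        "4.2.10-6.el7_2",
        "Version 3.6.23",
    ]
    for s in samples:
        print(f"{s!r:28} -> {classify(s)}")
```

A "vendor-build" or "unknown" result means the installed package release has to be compared with the distribution entries in this bulletin.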

Windows, Samba: workaround for Badlock.
A workaround is to filter access to 139 and 445 ports.

Blue Coat ProxySG: versions 6.5.9.8, 6.6.4.1.
The version 6.5.9.8 is partly fixed. The version 6.6.4.1 is fully fixed.

Debian: new samba packages.
New packages are available:
  Debian 7: samba 2:3.6.6-6+deb7u10
  Debian 8: samba 2:4.2.10+dfsg-0+deb8u3
A configuration update may be necessary for Wheezy.

F5 BIG-IP: fixed versions for Samba.
Fixed versions are indicated in information sources.

Fedora: new samba packages.
New packages are available:
  Fedora 22: samba 4.2.11-0.fc22
  Fedora 23: samba 4.3.8-0.fc23

HP-UX: CIFS-Server version 03.02.06.
The version CIFS-Server 03.02.06 is fixed:
  https://h20392.www2.hpe.com/portal/swdepot/displayProductInfo.do?productNumber=B8725AA

IBM DB2: solution.
The solution is indicated in information sources.

IBM QRadar SIEM: version 7.1 MR2 Patch 13.
The version 7.1 MR2 Patch 13 is fixed:
  https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.1.0&platform=Linux&function=fixId&fixids=7.1.0-QRADAR-QRSIEM-1104593&includeRequisites=1&includeSupersedes=0&downloadMethod=ddp&source=fc

IBM QRadar SIEM: version 7.2.6 Patch 7.
The version 7.2.6 Patch 7 is fixed:
  https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%2BSecurity&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.2.0&platform=All&function=fixId&fixids=7.2.7-QRADAR-QRSIEM-20160519230548&includeRequisites=1&includeSupersedes=0&downloadMethod=http

NetApp Data ONTAP: patch for Badlock.
A patch is available:
  Data ONTAP operating in 7-Mode: http://mysupport.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=1000568

NetApp Data ONTAP: patch for SMB.
A patch is available:
  Data ONTAP operating in 7-Mode: http://mysupport.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=1000568

openSUSE 11.4/13.1: new samba packages.
New packages are available:
  openSUSE 13.1: samba 4.2.4-3.54.2, apparmor 2.8.4-4.20.1
  openSUSE 11.4: samba 3.6.3-141.1

openSUSE 13.2: new samba packages.
New packages are available:
  openSUSE 13.2: samba 4.2.4-37.1

openSUSE Leap 42.1: new samba packages.
New packages are available:
  openSUSE Leap 42.1: samba 4.2.4-15.1

RHEL: new samba packages.
New packages are available:
  RHEL 4: samba 3.0.33-3.37.el4
  RHEL 5: samba 3.0.33-3.41.el5_11, samba3x 3.6.23-12.el5_11
  RHEL 6: samba 3.6.23-30.el6_7, samba4 4.2.10-6.el6_7
  RHEL 7: samba 4.2.10-6.el7_2

Slackware: new samba packages.
New packages are available:
  Slackware 14.0: samba 4.2.11-*-1_slack14.0
  Slackware 14.1: samba 4.2.11-*-1_slack14.1

Solaris: patch for Samba.
A patch is available:
  https://support.oracle.com/rs?type=doc&id=1448883.1

Solaris: patch for third party software of October 2016 v2.
A patch is available:
  https://support.oracle.com/rs?type=doc&id=1448883.1

SUSE LE 10 SP4: new samba packages.
New packages are available:
  SUSE LE 10 SP4: samba 3.0.36-0.13.32.1

SUSE LE: new samba packages.
New packages are available:
  SUSE LE 11 SP2: samba 3.6.3-52.1
  SUSE LE 11 SP3: samba 3.6.3-76.1
  SUSE LE 11 SP4: samba 3.6.3-76.1
  SUSE LE 12 RTM: samba 4.2.4-18.17.1
  SUSE LE 12 SP1: samba 4.2.4-16.1

Synology RS, DS: version 5.2-5967 and 6.0-7321-3.
Versions 5.2-5967 and 6.0-7321-3 are fixed:
  https://www.synology.com/

Ubuntu: new libsoup2.4-1 packages.
New packages are available:
  Ubuntu 16.04 LTS: libsoup2.4-1 2.52.2-1ubuntu0.1
  Ubuntu 15.10: libsoup2.4-1 2.50.0-2ubuntu0.1
  Ubuntu 14.04 LTS: libsoup2.4-1 2.44.2-1ubuntu2.1

Ubuntu: new samba packages.
New packages are available:
  Ubuntu 16.04 LTS: samba 2:4.3.9+dfsg-0ubuntu0.16.04.2
  Ubuntu 15.10: samba 2:4.3.9+dfsg-0ubuntu0.15.10.2
  Ubuntu 14.04 LTS: samba 2:4.3.9+dfsg-0ubuntu0.14.04.3
  Ubuntu 12.04 LTS: samba 2:3.6.25-0ubuntu0.12.04.4