Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Badlock or Sadlock?

No matter which name you prefer, Badlock or Sadlock, for the recently disclosed CVE-2016-2118 (SAMR and LSA man-in-the-middle attacks possible) and for Windows by CVE-2016-0128/MS16-047 (Windows SAM and LSAD Downgrade Vulnerability) Tenable has you covered. Nessus®, SecurityCenter™, SecurityCenter CV™, or Passive Vulnerability Scanner™, Tenable can determine if you are at risk.

According to Badlock.org, the security vulnerabilities can be mostly categorized as man-in-the-middle or denial-of-service (DoS) attacks. These would permit execution of arbitrary Samba network calls using the context of the intercepted user, such as the ability to view or modify secrets within an AD database, including user password hashes, or shut down critical services or modify user permissions on files or directories. A DoS attack against the Samba service is also possible by an attacker with remote network connectivity.

Affected versions of Samba are:

  • 3.6.x
  • 4.0.x
  • 4.1.x
  • 4.2.0-4.2.9
  • 4.3.0-4.3.6
  • 4.4.0

Regardless of where you stand on the “Sadlock” discussion, if the hype warranted the naming of this vulnerability, Tenable can provide visibility into where to prioritize your remediation efforts for Badlock.

The Tenable response

Nessus

Impacted operating system vendors are making updates available. Tenable has issued a series of local and remote Nessus® plugins to detect the presence of affected versions of Samba or Windows:

MS16-047: Security Update for SAM and LSAD Remote Protocols (3148527) (Badlock)

90440

Samba 3.x < 4.2.10 / 4.2.x < 4.2.10 / 4.3.x < 4.3.7 / 4.4.x < 4.4.1 Multiple Vulnerabilities (Badlock)

90508

Samba Badlock Vulnerability

90509

MS16-047: Security Update for SAM and LSAD Remote Protocols (3148527) (Badlock) (uncredentialed check)

90510

CentOS 6 : samba (CESA-2016:0611)

90449

CentOS 6 / 7 : ipa / libldb / libtalloc / libtdb / libtevent / openchange / samba / samba4 (CESA-2016:0612)

90450

CentOS 5 : samba3x (CESA-2016:0613)

90451

CentOS 5 : samba (CESA-2016:0621)

90452

FreeBSD : samba – multiple vulnerabilities (a636fc26-00d9-11e6-b704-000c292e4fd8)

90474

Oracle Linux 6 : samba (ELSA-2016-0611)

90486

Oracle Linux 6 / 7 : samba / samba4 (ELSA-2016-0612)

90487

Oracle Linux 5 : samba3x (ELSA-2016-0613)

90488

Oracle Linux 5 : samba (ELSA-2016-0621)

90489

RHEL 6 : samba (RHSA-2016:0611)

90491

RHEL 6 / 7 : samba and samba4 (RHSA-2016:0612)

90492

RHEL 5 : samba3x (RHSA-2016:0613)

90493

RHEL 7 : samba (RHSA-2016:0618)

90495

RHEL 6 : samba (RHSA-2016:0619)

90496

RHEL 6 : samba4 (RHSA-2016:0620)

90497

RHEL 5 : samba (RHSA-2016:0621)

90498

RHEL 5 : samba (RHSA-2016:0623)

90499

RHEL 5 : samba3x (RHSA-2016:0624)

90500

Scientific Linux Security Update : samba3x on SL5.x i386/x86_64

90501

Scientific Linux Security Update : samba and samba4 on SL6.x, SL7.x i386/x86_64

90502

Scientific Linux Security Update : samba on SL5.x i386/x86_64

90503

Scientific Linux Security Update : samba on SL6.x i386/x86_64

90504

SecurityCenter

We have released a customized SecurityCenter™ dashboard to monitor, track and remediate critical assets affected by CVE-2016-2118 and CVE-2016-0128. This dashboard is automatically available via the feed to provide insight on the impact to your environment and the progress of your efforts to remediate this vulnerability.

Badlock Discovery Dashboard

SecurityCenter Continuous View detection capabilities

Note: Passive Vulnerability Scanner (PVS) is now Nessus Network Monitor. To learn more about this application and its latest capabilities, visit the Nessus Network Monitor web page.

The following LCE and PVS plugins address Badlock:

Samba < 4.2.10/11, < 4.3.7/8, < 4.4.1/2 Badlock Vulnerability

801967

Samba 4.4.x < 4.4.1 Multiple Vulnerabilities (Badlock)

9233

Samba 4.3.x < 4.3.7 Multiple Vulnerabilities (Badlock)

9232

Samba 4.2.x < 4.2.10 Multiple Vulnerabilities (Badlock)

9231

Subscribe to the Tenable Blog

Subscribe
Try for Free Buy Now

Try Tenable.io

FREE FOR 60 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

$2,275.00

Buy Now

Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, email, community and chat support 24 hours a day, 365 days a year. Full details here.

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 60 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578.00

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 60 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security

Get a Demo of Tenable.sc

Please fill out the form below with your contact information and a sales representative will contact you shortly to schedule a demo. You may also include a short comment (limited to 255 characters). Please note that fields with asterisks (*) are mandatory.