
[wlug] Yes, Badlock bug was shamelessly hyped, but the threat is real

Peter Reutemann fracpete@w...
Wed Apr 13 13:13:42 NZST 2016

"In a nutshell, Badlock refers to a defect in a security component
contained in just about every version of the Windows and Linux
operating systems. Known as the Distributed Computing
Environment/Remote Procedure Call (DCE/RPC), it's used by
administrators around the world to access the most valuable asset on
any Windows network—the Active Directory, which acts as a network's
digital security guard, allowing, for instance, an organization's CFO
to log in to an accounting server, while locking out the janitor or
the groundskeeper. Because Active Directories enforce security
policies and contain password data and other crucial credentials, they
are almost always the first asset hackers access once they gain a
limited foothold into a targeted network."

"An Active Directory infrastructure with a Samba server as a domain
member is vulnerable to this flaw," an advisory published Tuesday by
Linux distributor Red Hat warned. "A man-in-the-middle attacker could
intercept DCE/RPC traffic between the domain member and the domain
controller to impersonate the client and get the same privileges as
the authenticated user account. The attacker could view or modify
secrets within an AD database, including user password hashes, or
shutdown critical services."

-- source:

Cheers, Peter
Peter Reutemann
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 858-5174

NOTICE: This is an archive of a public mailing list. The University of Waikato is not responsible for its contents.
