Badlock
Appearance
CVE identifier(s) | CVE-2016-2118 |
---|---|
Website | https://web.archive.org/web/20170608065927/http://badlock.org/ |
Badlock (CVE-2016-2118) is a security bug disclosed on April 12, 2016 affecting the Security Account Manager (SAM) and Local Security Authority (Domain Policy) (LSAD) remote protocols[1] supported by Windows and Samba servers.[2]
Both SAM and LSAD are layered onto the DCE 1.1 Remote Procedure Call (DCE/RPC) protocol. As implemented in Samba and Windows, the RPC services allowed an attacker to become man in the middle.[3] Although the vulnerability was discovered during the development of Samba, the namegiving SMB protocol itself is not affected.
References
[edit]- ^ "Microsoft Security Bulletin MS16-047". Microsoft TechNet. 2016-04-12. Retrieved 2018-02-21.
- ^ "Badlock Bug". Archived from the original on 2017-06-08. Retrieved 2018-02-21.
- ^ "CVE-2016-2118". Retrieved 2018-02-21.
External links
[edit]- Badlock Bug at the Wayback Machine (archived 2017-06-08)