Badlock is a loophole that affects Windows and Samba systems/client. Badlock for Samba is referenced by CVE-2016-2118 (SAMR and LSA man in the middle attacks possible) and for Windows by CVE-2016-0128 / MS16-047 (Windows SAM and LSAD Downgrade Vulnerability). When Samba is configured as Domain Controller it allows remote attackers to spoof the computer name of a secure channel’s endpoints, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic.
CVE(s): CVE-2016-2118
Affected product(s) and affected version(s):
IBM Storwize V7000 Unified
The product is affected when running code releases 1.5.0.0 to 1.6.0.1
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/29x5rDp
X-Force Database: http://ift.tt/1N2N4Ft
from IBM Product Security Incident Response Team http://ift.tt/29x4RFN
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.