Thursday, July 7, 2016

IBM Security Bulletin: Badlock Samba vulnerability issue on IBM Storwize V7000 Unified (CVE-2016-2118)

Badlock is a loophole that affects Windows and Samba systems/client. Badlock for Samba is referenced by CVE-2016-2118 (SAMR and LSA man in the middle attacks possible) and for Windows by CVE-2016-0128 / MS16-047 (Windows SAM and LSAD Downgrade Vulnerability). When Samba is configured as Domain Controller it allows remote attackers to spoof the computer name of a secure channel’s endpoints, and obtain sensitive session information, by running a crafted application  and leveraging the ability to sniff network traffic.

CVE(s): CVE-2016-2118

Affected product(s) and affected version(s):

IBM Storwize V7000 Unified

The product is affected when running code releases 1.5.0.0 to 1.6.0.1

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/29x5rDp
X-Force Database: http://ift.tt/1N2N4Ft



from IBM Product Security Incident Response Team http://ift.tt/29x4RFN

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.