BADLOCK Vulnerability


SUMMARY

Apr 21, 2016

The Snare Server uses a hardened and minimised Linux installation based on Ubuntu 14.04 to provide baseline computing services. As a result, security vulnerabilities that impact a general-purpose operating system often do not affect the Snare Server, or have a significantly reduced severity.

There has been some recent press about the BADLOCK vulnerability, which affects systems that use the "Samba" software. In particular, the issue tends to affect systems that participate in Windows Active Directory domain infrastructure.

The Snare Server does use Samba to provide an optional interface to the Snare Server eventlog data store (the feature is off by default), but it is not configured to participate in the host environment's domain infrastructure. In addition, the Ubuntu support team has marked the Samba package in Ubuntu 14.04, which the Snare Server uses, as "DNE" (Does Not Exist) for this particular issue.

More information is available here:
https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2118.html
https://www.samba.org/samba/security/CVE-2016-2118.html