
ESA-2016-058: RSA Security Analytics Security Update for Samba Badlock Vulnerability

Tags: RSA NetWitness Platform, Security Advisories

Advisory Type

Security


Advisory Content

EMC Identifier: ESA-2016-058

CVE Identifier: CVE-2016-2118


Severity Rating: CVSSv3 Base Score: 7.4 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)


Affected products:

· RSA Security Analytics 10.6 and 10.6.0.1


Summary:

The RSA Security Analytics Malware Analysis service embeds a Samba package that is potentially vulnerable to the Badlock vulnerability (CVE-2016-2118). A man in the middle on the network path between an authenticated client and the affected host could exploit the vulnerability to compromise affected systems.

Details:

On April 12, 2016, a vulnerability known as "Badlock" was publicly disclosed in the Security Account Manager Remote Protocol [MS-SAMR] and the Local Security Authority (Domain Policy) Remote Protocol [MS-LSAD]. Both are application-level protocols layered on the generic DCE 1.1 Remote Procedure Call (DCERPC) protocol. Any authenticated DCERPC connection a client initiates against a server can be used by a man in the middle to impersonate the authenticated user against the SAMR or LSAD service on that server; the attacker therefore obtains whatever those services grant that user, which for an administrative account extends to reading or modifying account data and security policy.

The RSA Security Analytics Malware Analysis service embeds a Samba package that is potentially vulnerable to this issue. Details of the vulnerability, including the affected and fixed Samba releases, are available at https://www.samba.org/samba/security/CVE-2016-2118.html
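The following check is an added example and is not part of the RSA advisory or of the Security Analytics product. It parses the version string printed by `smbd --version` on the Malware Analysis host and compares it against the fixed Samba releases, and it applies the RSA Security Analytics version thresholds stated in this advisory (10.6 and 10.6.0.1 affected, 10.6.0.2 fixed). The Samba thresholds (4.2.11, 4.3.8, 4.4.2; everything from 3.6.0 up to those releases affected) are taken from the upstream advisory linked above and are labelled as an assumption in the code. One caveat a practitioner should keep in mind: distribution packages that backport the fix can keep an older upstream version string, so a "vulnerable" verdict from the version check alone should be confirmed against the package changelog.

```python
"""Version-based check for ESA-2016-058 / CVE-2016-2118 (added example).

Assumptions: the fixed Samba releases (4.2.11, 4.3.8, 4.4.2) and the
affected window starting at 3.6.0 are taken from the samba.org advisory
linked in the RSA advisory; the RSA Security Analytics thresholds come
from the advisory text (10.6 and 10.6.0.1 affected, 10.6.0.2 fixed).
"""
import re
import subprocess
from typing import Optional, Tuple

# Assumption: stock upstream Samba builds. Vendor backports may carry the
# fix under an older version string, so confirm against the package changelog.
SAMBA_FIXED = {(4, 2): (4, 2, 11), (4, 3): (4, 3, 8), (4, 4): (4, 4, 2)}
SAMBA_FIRST_AFFECTED = (3, 6, 0)  # upstream: 3.6.0 through 4.4.0 affected

# From ESA-2016-058: 10.6 and 10.6.0.1 are affected, 10.6.0.2 is the fix.
SA_FIRST_AFFECTED = (10, 6, 0, 0)
SA_FIXED = (10, 6, 0, 2)

_VER_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_samba_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Extract major.minor.patch from 'Version 4.2.10' (smbd --version output)
    or from a distro string such as '4.2.10-6.el6'. None if unparsable."""
    m = _VER_RE.search(text)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)))


def samba_is_vulnerable(version: Tuple[int, int, int]) -> bool:
    """True when the version sits inside the affected window and below the
    fixed release of its branch. Branches older than 4.2 (3.6.x .. 4.1.x)
    received no upstream fix and stay vulnerable; releases after 4.4.2
    already contain the fix."""
    if version < SAMBA_FIRST_AFFECTED:
        return False
    fixed = SAMBA_FIXED.get(version[:2])
    if fixed is None:
        return version < (4, 5, 0)
    return version < fixed


def sa_needs_upgrade(sa_version: str) -> bool:
    """True for the RSA Security Analytics versions this advisory lists as
    affected. A short version such as '10.6' is padded to 10.6.0.0."""
    parts = [int(p) for p in sa_version.split(".")]
    parts += [0] * (4 - len(parts))
    v = tuple(parts[:4])
    return SA_FIRST_AFFECTED <= v < SA_FIXED


def check_local_smbd(cmd=("smbd", "--version")) -> Optional[bool]:
    """Run smbd on this host and classify it; None if smbd is missing or its
    output cannot be parsed."""
    try:
        out = subprocess.run(cmd, capture_output=True, text=True, timeout=10).stdout
    except (OSError, subprocess.SubprocessError):
        return None
    v = parse_samba_version(out)
    return None if v is None else samba_is_vulnerable(v)


if __name__ == "__main__":
    # Constructed sample strings, not output captured from a real host.
    for sample in ("Version 4.2.10", "Version 4.2.11", "Version 4.4.1",
                   "Version 4.4.2", "Version 3.6.23-40.el6"):
        v = parse_samba_version(sample)
        print(f"{sample!r}: vulnerable={samba_is_vulnerable(v)}")
    for sa in ("10.6", "10.6.0.1", "10.6.0.2"):
        print(f"RSA Security Analytics {sa}: needs upgrade={sa_needs_upgrade(sa)}")
    local = check_local_smbd()
    print("local smbd:", "not found" if local is None else f"vulnerable={local}")
```

Run it on the Malware Analysis host itself; `check_local_smbd` returns None rather than a verdict when `smbd` is not installed, so a silent "not vulnerable" is never produced for a host the check could not inspect.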

Recommendation:

RSA recommends all customers upgrade to the version listed below at the earliest opportunity:

· RSA Security Analytics 10.6.0.2

Severity Rating:

For an explanation of Severity Ratings, refer to the Knowledge Base Article "Security Advisories Severity Rating" at https://knowledge.rsasecurity.com/scolcms/knowledge.aspx?solution=a46604. RSA recommends that all customers take into account both the base score and any relevant temporal and environmental scores, which may affect the actual severity of a particular security vulnerability in their environment.

For additional documentation, downloads, and more, visit the Security Analytics space on RSA Link.

EOPS Policy:

RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the link below for additional details.
Product Version Life Cycle