SMB users, get ready for the Badlock vulnerability


Post by maxxfi » Sat Mar 26, 2016 7:35 am

A new, serious vulnerability that affects both Windows computers and Samba systems has been announced, and given the name 'Badlock'.
No details on what it is, but it's likely a weakness in the security of the SMB/CIFS protocol.

Vendors are working on preparing patches, and the vulnerability will be disclosed on April 12th, 2016 (which is the April 2016 'patch Tuesday' for Microsoft systems), together with the fixes.
A web page with the announcement has been put up at: http://badlock.org

I'm not 100% sure what the current version of Samba used by Synology is (probably 4.1.20 or older), but note the following from the web announcement: "Please be aware that Samba 4.1 and below are out of support, even for security fixes."
DS-106j > DS-210j > DS-411

Post by jharle » Sat Mar 26, 2016 5:12 pm

Thanks for this!

Has multichannel been implemented in SAMBA yet? If so, the Synology devs might as well roll that in along with the patched version...kill two birds with one stone. :D
DS2415+ (DSM 6.0-7321)

Post by akahan » Tue Apr 12, 2016 7:15 pm

Synology uses 4.1, and plans to fix it. See: https://www.synology.com/en-us/support/security/Badlock

Post by syno.dustin » Tue Apr 12, 2016 7:49 pm

jharle wrote: Thanks for this!

Has multichannel been implemented in SAMBA yet? If so, the Synology devs might as well roll that in along with the patched version...kill two birds with one stone. :D


Multichannel is still being worked on but has reached an experimental phase where it can be turned on: https://www.samba.org/samba/history/samba-4.4.0.html
If you need technical support please use this form: https://account.synology.com/support/support_form.php
Synology does not consistently browse this forum for technical support, feature requests, or any other inquiries as it notes at the top of the page. Please use the proper channels when you need help from someone at Synology.

Post by maxxfi » Wed Apr 13, 2016 5:47 am

syno.dustin wrote: Multichannel is still being worked on but has reached an experimental phase where it can be turned on: https://www.samba.org/samba/history/samba-4.4.0.html

I think it's important to point out the *experimental* level, which means OK for playing with the functionality but not for any production, as data corruption is still possible. Quoting from the Samba release notes:
CAVEAT: While this should be working without problems mostly,
there are still corner cases in the treatment of channel failures
that may result in DATA CORRUPTION when these race conditions hit.
It is hence

NOT RECOMMENDED TO USE MULTI-CHANNEL IN PRODUCTION

at this stage.

Post by syno.dustin » Wed Apr 13, 2016 8:32 pm

maxxfi wrote:
syno.dustin wrote: Multichannel is still being worked on but has reached an experimental phase where it can be turned on: https://www.samba.org/samba/history/samba-4.4.0.html

I think it's important to point out the *experimental* level, which means OK for playing with the functionality but not for any production, as data corruption is still possible. Quoting from the Samba release notes:
CAVEAT: While this should be working without problems mostly,
there are still corner cases in the treatment of channel failures
that may result in DATA CORRUPTION when these race conditions hit.
It is hence

NOT RECOMMENDED TO USE MULTI-CHANNEL IN PRODUCTION

at this stage.


Well I would hope that anyone running Samba on something besides their Synology NAS would understand that when turning the feature on on their server/s.