SMB users, get ready for the Badlock vulnerability

maxxfi
Compiler
Posts: 6794
Joined: Sun Dec 27, 2009 12:13 pm
Location: Espoo, Finland

Unread post by maxxfi » Sat Mar 26, 2016 7:35 am

A new, serious vulnerability that affects both Windows computers and Samba systems has been announced and given the name 'Badlock'.
No details on what it is, but it's likely a weakness in the security of the SMB/CIFS protocol.

Vendors are working on preparing patches, and the vulnerability will be disclosed on April 12th, 2016 (which is the April 2016 'patch Tuesday' for Microsoft systems), together with the fixes.
A web page with the announcement has been put up at: http://badlock.org

I'm not 100% sure what the current version of Samba used by Synology is (probably 4.1.20 or older), but note the following from the web announcement: "Please be aware that Samba 4.1 and below are out of support, even for security fixes."
No longer using Synology NAS, moved to more open source solutions.
DS-106j > DS-210j > DS-411

jharle
I'm New!
Posts: 1
Joined: Thu Mar 17, 2016 5:52 am
Location: Utah, USA

Re: SMB users, get ready for the Badlock vulnerability

Unread post by jharle » Sat Mar 26, 2016 5:12 pm

Thanks for this!

Has multichannel been implemented in SAMBA yet? If so, the Synology devs might as well roll that in along with the patched version...kill two birds with one stone. :D
DS2415+ (DSM 6.0-7321)

akahan
Distinguished
Posts: 898
Joined: Sat Jul 14, 2012 6:52 pm

Re: SMB users, get ready for the Badlock vulnerability

Unread post by akahan » Tue Apr 12, 2016 7:15 pm

Synology uses 4.1, and plans to fix it. See: https://www.synology.com/en-us/support/security/Badlock

syno.dustin
Sorcerer
Posts: 2244
Joined: Thu Oct 29, 2015 11:03 pm
Location: Seattle, WA

Re: SMB users, get ready for the Badlock vulnerability

Unread post by syno.dustin » Tue Apr 12, 2016 7:49 pm

jharle wrote: Thanks for this!

Has multichannel been implemented in SAMBA yet? If so, the Synology devs might as well roll that in along with the patched version...kill two birds with one stone. :D
Multichannel is still being worked on but has reached an experimental phase where it can be turned on: https://www.samba.org/samba/history/samba-4.4.0.html
If you need technical support please use this form: https://account.synology.com/support/support_form.php
Synology does not consistently browse this forum for technical support, feature requests, or any other inquiries as it notes at the top of the page. Please use the proper channels when you need help from someone at Synology.

maxxfi
Compiler
Posts: 6794
Joined: Sun Dec 27, 2009 12:13 pm
Location: Espoo, Finland

Re: SMB users, get ready for the Badlock vulnerability

Unread post by maxxfi » Wed Apr 13, 2016 5:47 am

syno.dustin wrote: Multichannel is still being worked on but has reached an experimental phase where it can be turned on: https://www.samba.org/samba/history/samba-4.4.0.html
I think it's important to point out the *experimental* level, which means OK for playing with the functionality but not for any production, as data corruption is still possible. Quoting from the Samba release notes:
CAVEAT: While this should be working without problems mostly,
there are still corner cases in the treatment of channel failures
that may result in DATA CORRUPTION when these race conditions hit.
It is hence

NOT RECOMMENDED TO USE MULTI-CHANNEL IN PRODUCTION

at this stage.

syno.dustin
Sorcerer
Posts: 2244
Joined: Thu Oct 29, 2015 11:03 pm
Location: Seattle, WA

Re: SMB users, get ready for the Badlock vulnerability

Unread post by syno.dustin » Wed Apr 13, 2016 8:32 pm

maxxfi wrote:
syno.dustin wrote: Multichannel is still being worked on but has reached an experimental phase where it can be turned on: https://www.samba.org/samba/history/samba-4.4.0.html
I think it's important to point out the *experimental* level, which means OK for playing with the functionality but not for any production, as data corruption is still possible. Quoting from the Samba release notes:
CAVEAT: While this should be working without problems mostly,
there are still corner cases in the treatment of channel failures
that may result in DATA CORRUPTION when these race conditions hit.
It is hence

NOT RECOMMENDED TO USE MULTI-CHANNEL IN PRODUCTION

at this stage.
Well I would hope that anyone running Samba on something besides their Synology NAS would understand that when turning the feature on on their server/s.