Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-9060: Impact of SMBLoris (ETR-2017-V005) on Centrify Adbindproxy and Samba

Centrify DirectControl ,   Centrify DirectControl Plugins ,  

18 August,17 at 05:51 PM

Applies to: 

All versions of Centrify Adbindproxy on all platforms.

Question:

What is the impact of SMBLoris (ETR-2017-V005) on Centrify Adbindproxy and Samba?


Answer:

The SMBLoris (ETR-2017-V005) flaw is a DOS attack that allows an attacker to open a connection to a remote computer via the SMB protocol and instruct that computer to allocate RAM to handle the connection. The attacker doesn't have to be authenticated.
 
The vulnerability does not allow remote code execution, which means an attacker can't take over vulnerable computers, but only crash them, at best.
 
Since Centrify no longer distributes Samba, Centrify will not be providing a fix for this issue.
 
 
However, there are mitigation mechanisms available.
 
Mitigation Options:
1. Use the 'max smb processes = <max number of processes allowed>' parameter in the /etc/samba/smb.conf file to limit the maximum number of smbd processes/connections allowed.
 
On Linux, admins can set "max smbd processes = 1000" in the Samba smb.conf config file to prevent attackers from opening a large number of SMB connections to the Samba server.
 
2. Limit the exposure of TCP port 445 to internet.
 
The release of Samba does not appear to matter in this case. However, we strongly recommend upgrading from version 3.6.x due to the Badlock Vulnerability (KB-6731).
 
Additional external references:

For additional information related to this threat/vulnerability please reference the following links: 
 
  • Microsoft Will Not Patch SMBLoris Vulnerability
           https://www.bleepingcomputer.com/news/security/microsoft-will-not-patch-smbloris-vulnerability/
         
Centrify Corporation does not take any responsibility for the content or availability of these links and they were provided as a courtesy.  Customers should contact the vendor if there are any further questions.

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.

Related Articles

No related Articles