All versions of Centrify Adbindproxy on all platforms.
What is the impact of SMBLoris (ETR-2017-V005) on Centrify Adbindproxy and Samba?Answer:The SMBLoris (ETR-2017-V005) flaw is a DOS attack that allows an attacker to open a connection to a remote computer via the SMB protocol and instruct that computer to allocate RAM to handle the connection. The attacker doesn't have to be authenticated.
The vulnerability does not allow remote code execution, which means an attacker can't take over vulnerable computers, but only crash them, at best.
Since Centrify no longer distributes Samba, Centrify will not be providing a fix for this issue.
However, there are mitigation mechanisms available.
1. Use the 'max smb processes = <max number of processes allowed>' parameter in the /etc/samba/smb.conf file to limit the maximum number of smbd processes/connections allowed.
On Linux, admins can set "max smbd processes = 1000" in the Samba smb.conf config file to prevent attackers from opening a large number of SMB connections to the Samba server.
2. Limit the exposure of TCP port 445 to internet.
The release of Samba does not appear to matter in this case. However, we strongly recommend upgrading from version 3.6.x due to the Badlock Vulnerability (KB-6731). Additional external references:For additional information related to this threat/vulnerability please reference the following links:
- Microsoft Will Not Patch SMBLoris Vulnerability
Centrify Corporation does not take any responsibility for the content or availability of these links and they were provided as a courtesy. Customers should contact the vendor if there are any further questions.