WhatsApp flaw allows others to modify group messages and usernames
In essence what this allows:
Abuse the ‘quote’ feature in a group chats to change the identity of the sender, even if that person is not a member of the group.
Alter the text of someone else’s reply.
Send a private message to another group participant that is disguised as a public message for all, so when the targeted individual responds, it’s visible to everyone in the conversation.
If you’re one of those that manually updates Apps:
Update yo Apps!
Be wary of group message texts that suddenly change.
It sounds like you could effectively ddos the target without needing access to a huge amount of bandwidth (like a botnet). It’s not critical, but I thought it was relevant because of how many people here run pfsense. If it was a Fedora issue or something, I probably wouldn’t post it.
I’ll let @catsay address your concerns in detail, but as far as this thread goes, the posts don’t all need to be vulnerabilities. Any security-related advisories and update advisories that are relevant to the L1T community are fine.
The DEBUGCTL MSR contains several debugging features, some of which virtualise
cleanly, but some do not. In particular, Branch Trace Store is not
virtualised by the processor, and software has to be careful to configure it
suitably not to lock up the core. As a result, it must only be available to
fully trusted guests.
Unfortunately, in the case that vPMU is disabled, all value checking was
skipped, allowing the guest to chose any MSR_DEBUGCTL setting it likes.
IMPACT
A malicious or buggy guest administrator can lock up the entire host, causing
a Denial of Service.
VULNERABLE SYSTEMS
Xen versions 4.6 and later are vulnerable.
Only systems using Intel CPUs are affected. ARM and AMD systems are
unaffected.
Only x86 HVM or PVH guests can exploit the vulnerability. x86 PV guests
cannot exploit the vulnerability.
Running only x86 PV guests avoids the vulnerability.
this is a heads-up that there will be Samba security updates on
Tuesday, November 27 2018 (~ 8-11am UTC). Please make sure that your Samba
servers will be updated soon after the release!
Impacted components:
AD DC (CVSS 6.5, Medium)
We apologise for the short pre-notification notice.
Update:
TLDR; - This appears to be the most serious one.
All versions of Samba from 4.0.0 onwards are vulnerable to infinite
query recursion caused by CNAME loops. Any dns record can be added via
ldap by an unprivileged user
Here’s all of it:
Security Announcement
=======
Details
=======
o CVE-2018-14629:
All versions of Samba from 4.0.0 onwards are vulnerable to infinite
query recursion caused by CNAME loops. Any dns record can be added via
ldap by an unprivileged user using the ldbadd tool, so this is a
security issue.
o CVE-2018-16841:
When configured to accept smart-card authentication, Samba’s KDC will call
talloc_free() twice on the same memory if the principal in a validly signed
certificate does not match the principal in the AS-REQ.
This is only possible after authentication with a trusted certificate.
talloc is robust against further corruption from a double-free with
talloc_free() and directly calls abort(), terminating the KDC process.
There is no further vulnerability associated with this issue, merely a
denial of service.
o CVE-2018-16851:
During the processing of an LDAP search before Samba’s AD DC returns
the LDAP entries to the client, the entries are cached in a single
memory object with a maximum size of 256MB. When this size is
reached, the Samba process providing the LDAP service will follow the
NULL pointer, terminating the process.
There is no further vulnerability associated with this issue, merely a
denial of service.
o CVE-2018-16852:
During the processing of an DNS zone in the DNS management DCE/RPC server,
the internal DNS server or the Samba DLZ plugin for BIND9, if the
DSPROPERTY_ZONE_MASTER_SERVERS property or DSPROPERTY_ZONE_SCAVENGING_SERVERS
property is set, the server will follow a NULL pointer and terminate.
There is no further vulnerability associated with this issue, merely a
denial of service.
o CVE-2018-16853:
A user in a Samba AD domain can crash the KDC when Samba is built in the
non-default MIT Kerberos configuration.
With this advisory we clarify that the MIT Kerberos build of the Samba
AD DC is considered experimental. Therefore the Samba Team will not
issue security patches for this configuration.
o CVE-2018-16857:
AD DC Configurations watching for bad passwords (to restrict brute forcing
of passwords) in a window of more than 3 minutes may not watch for bad
passwords at all.
These are fixed in versions 4.9.3, 4.8.7 and 4.7.12.
