Debian: DSA-3999-1: wpa security update

    Date16 Oct 2017
    CategoryDebian
    79
    Posted ByLinuxSecurity Advisories
    Mathy Vanhoef of the imec-DistriNet research group of KU Leuven discovered multiple vulnerabilities in the WPA protocol, used for authentication in wireless networks. Those vulnerabilities applies to both the access point (implemented in hostapd) and the station (implemented in wpa_supplicant).
    
    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-3999-1                   This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.debian.org/security/                        Yves-Alexis Perez
    October 16, 2017                      https://www.debian.org/security/faq
    - -------------------------------------------------------------------------
    
    Package        : wpa
    CVE ID         : CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 
                     CVE-2017-13081 CVE-2017-13082 CVE-2017-13086 CVE-2017-13087 
                     CVE-2017-13088
    
    Mathy Vanhoef of the imec-DistriNet research group of KU Leuven discovered
    multiple vulnerabilities in the WPA protocol, used for authentication in
    wireless networks. Those vulnerabilities applies to both the access point
    (implemented in hostapd) and the station (implemented in wpa_supplicant).
    
    An attacker exploiting the vulnerabilities could force the vulnerable system to
    reuse cryptographic session keys, enabling a range of cryptographic attacks
    against the ciphers used in WPA1 and WPA2. 
    
    More information can be found in the researchers's paper, Key Reinstallation
    Attacks: Forcing Nonce Reuse in WPA2.
    
    CVE-2017-13077: reinstallation of the pairwise key in the Four-way handshake
    CVE-2017-13078: reinstallation of the group key in the Four-way handshake
    CVE-2017-13079: reinstallation of the integrity group key in the Four-way
                    handshake
    CVE-2017-13080: reinstallation of the group key in the Group Key handshake
    CVE-2017-13081: reinstallation of the integrity group key in the Group Key
                    handshake
    CVE-2017-13082: accepting a retransmitted Fast BSS Transition Reassociation
                    Request and reinstalling the pairwise key while processing it
    CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey
                    (TPK) key in the TDLS handshake
    CVE-2017-13087: reinstallation of the group key (GTK) when processing a
                    Wireless Network Management (WNM) Sleep Mode Response frame
    CVE-2017-13088: reinstallation of the integrity group key (IGTK) when
                    processing a Wireless Network Management (WNM) Sleep Mode
                    Response frame
    
    For the oldstable distribution (jessie), these problems have been fixed
    in version 2.3-1+deb8u5.
    
    For the stable distribution (stretch), these problems have been fixed in
    version 2:2.4-1+deb9u1.
    
    For the testing distribution (buster), these problems have been fixed
    in version 2:2.4-1.1.
    
    For the unstable distribution (sid), these problems have been fixed in
    version 2:2.4-1.1.
    
    We recommend that you upgrade your wpa packages.
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/
    
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"5","type":"x","order":"1","pct":55.56,"resources":[]},{"id":"88","title":"Should be more technical","votes":"3","type":"x","order":"2","pct":33.33,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"1","type":"x","order":"3","pct":11.11,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.