Debian: DSA-4430-1: wpa security update

    Date11 Apr 2019
    CategoryDebian
    10510
    Posted ByLinuxSecurity Advisories
    Mathy Vanhoef (NYUAD) and Eyal Ronen (Tel Aviv University & KU Leuven) found multiple vulnerabilities in the WPA implementation found in wpa_supplication (station) and hostapd (access point). These vulnerability are also collectively known as "Dragonblood".
    
    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-4430-1                   This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.debian.org/security/                        Yves-Alexis Perez
    April 10, 2019                        https://www.debian.org/security/faq
    - -------------------------------------------------------------------------
    
    Package        : wpa
    CVE ID         : CVE-2019-9495 CVE-2019-9497 CVE-2019-9498 CVE-2019-9499
    Debian Bug     : 926801
    
    Mathy Vanhoef (NYUAD) and Eyal Ronen (Tel Aviv University & KU Leuven) found
    multiple vulnerabilities in the WPA implementation found in wpa_supplication
    (station) and hostapd (access point). These vulnerability are also collectively
    known as "Dragonblood".
    
    CVE-2019-9495
    
        Cache-based side-channel attack against the EAP-pwd implementation: an
        attacker able to run unprivileged code on the target machine (including for
        example javascript code in a browser on a smartphone) during the handshake
        could deduce enough information to discover the password in a dictionary
        attack.
    
    CVE-2019-9497
    
        Reflection attack against EAP-pwd server implementation: a lack of
        validation of received scalar and elements value in the EAP-pwd-Commit
        messages could result in attacks that would be able to complete EAP-pwd
        authentication exchange without the attacker having to know the password.
        This does not result in the attacker being able to derive the session key,
        complete the following key exchange and access the network.
    
    CVE-2019-9498
    
        EAP-pwd server missing commit validation for scalar/element: hostapd
        doesn't validate values received in the EAP-pwd-Commit message, so an
        attacker could use a specially crafted commit message to manipulate the
        exchange in order for hostapd to derive a session key from a limited set of
        possible values. This could result in an attacker being able to complete
        authentication and gain access to the network.
    
    CVE-2019-9499
    
        EAP-pwd peer missing commit validation for scalar/element: wpa_supplicant
        doesn't validate values received in the EAP-pwd-Commit message, so an
        attacker could use a specially crafted commit message to manipulate the
        exchange in order for wpa_supplicant to derive a session key from a limited
        set of possible values. This could result in an attacker being able to
        complete authentication and operate as a rogue AP.
    
    Note that the Dragonblood moniker also applies to CVE-2019-9494 and
    CVE-2014-9496 which are vulnerabilities in the SAE protocol in WPA3. SAE is not
    enabled in Debian stretch builds of wpa, which is thus not vulnerable by default.
    
    Due to the complexity of the backporting process, the fix for these
    vulnerabilities are partial. Users are advised to use strong passwords to
    prevent dictionary attacks or use a 2.7-based version from stretch-backports
    (version above 2:2.7+git20190128+0c1e29f-4).
    
    For the stable distribution (stretch), these problems have been fixed in
    version 2:2.4-1+deb9u3.
    
    We recommend that you upgrade your wpa packages.
    
    For the detailed security status of wpa please refer to
    its security tracker page at:
    https://security-tracker.debian.org/tracker/wpa
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/
    
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"6","type":"x","order":"1","pct":60,"resources":[]},{"id":"88","title":"Should be more technical","votes":"3","type":"x","order":"2","pct":30,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"1","type":"x","order":"3","pct":10,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.