[SECURITY] [DLA 1150-1] wpa security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1150-1] wpa security update
From: Antoine Beaupré <anarcat@debian.org>
Date: Tue, 31 Oct 2017 10:48:26 -0400
Message-id: <[🔎] 20171031144826.enjjqbqvsu2cohy2@curie.anarc.at>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

Package        : wpa
Version        : 1.0-3+deb7u5
CVE ID         : CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 
                 CVE-2017-13081 CVE-2017-13082 CVE-2017-13086 CVE-2017-13087 
                 CVE-2017-13088

A vulnerability was found in how WPA code can be triggered to
reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by replaying a specific
frame that is used to manage the keys. Such reinstallation of the
encryption key can result in two different types of vulnerabilities:
disabling replay protection and significantly reducing the security of
encryption to the point of allowing frames to be decrypted or some parts
of the keys to be determined by an attacker depending on which cipher is
used.

Those issues are commonly known under the "KRACK" appelation. According
to US-CERT, "the impact of exploiting these vulnerabilities includes
decryption, packet replay, TCP connection hijacking, HTTP content
injection, and others."

CVE-2017-13077

    Reinstallation of the pairwise encryption key (PTK-TK) in the
    4-way handshake.

CVE-2017-13078

    Reinstallation of the group key (GTK) in the 4-way handshake.

CVE-2017-13079

    Reinstallation of the integrity group key (IGTK) in the 4-way
    handshake.

CVE-2017-13080

    Reinstallation of the group key (GTK) in the group key handshake.

CVE-2017-13081

    Reinstallation of the integrity group key (IGTK) in the group key
    handshake.

CVE-2017-13082

    Accepting a retransmitted Fast BSS Transition (FT) Reassociation
    Request and reinstalling the pairwise encryption key (PTK-TK)
    while processing it.

CVE-2017-13084

    Reinstallation of the STK key in the PeerKey handshake.

CVE-2017-13086

    reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey
    (TPK) key in the TDLS handshake.

CVE-2017-13087

    reinstallation of the group key (GTK) when processing a Wireless
    Network Management (WNM) Sleep Mode Response frame.

CVE-2017-13088

    reinstallation of the integrity group key (IGTK) when processing a
    Wireless Network Management (WNM) Sleep Mode Response frame.

For Debian 7 "Wheezy", these problems have been fixed in version
1.0-3+deb7u5. Note that the latter two vulnerabilities (CVE-2017-13087
and CVE-2017-13088) were mistakenly marked as fixed in the changelog
whereas they simply did not apply to the 1.0 version of the WPA source
code, which doesn't implement WNM sleep mode responses.

We recommend that you upgrade your wpa packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Attachment: signature.asc
Description: PGP signature

Reply to:

Prev by Date: [SECURITY] [DLA 1149-1] wget security update
Next by Date: [SECURITY] [DLA 1152-1] quagga security update
Previous by thread: [SECURITY] [DLA 1149-1] wget security update
Next by thread: [SECURITY] [DLA 1152-1] quagga security update
Index(es):
- Date
- Thread