[Librecmc-users] [Fwd: [SECURITY] [DSA 4430-1] wpa security update]

Christopher Howard christopher at alaskasi.com
Thu Apr 11 13:56:51 EDT 2019


Hi, I was just wondering if any of this could be a concern for my
librecmc systems, using WPA2 authentication.

-------- Forwarded Message --------
Date: Thu, 11 Apr 2019 08:12:24 +0200Subject: [SECURITY] [DSA 4430-1]
wpa security updateTo: debian-security-announce at lists.debian.orgReply-t
o: debian-security-announce-request at lists.debian.orgFrom: Yves-Alexis
Perez <corsac at debian.org>--------------------------------------------
-----------------------------
Debian Security Advisory DSA-4430-1                   security at debian.o
rg
https://www.debian.org/security/                        Yves-Alexis
Perez
April 10, 2019                        https://www.debian.org/security/f
aq
---------------------------------------------------------------------
----

Package        : wpa
CVE ID         : CVE-2019-9495 CVE-2019-9497 CVE-2019-9498 CVE-2019-
9499
Debian Bug     : 926801

Mathy Vanhoef (NYUAD) and Eyal Ronen (Tel Aviv University & KU Leuven)
found
multiple vulnerabilities in the WPA implementation found in
wpa_supplication
(station) and hostapd (access point). These vulnerability are also
collectively
known as "Dragonblood".

CVE-2019-9495

    Cache-based side-channel attack against the EAP-pwd implementation:
an
    attacker able to run unprivileged code on the target machine
(including for
    example javascript code in a browser on a smartphone) during the
handshake
    could deduce enough information to discover the password in a
dictionary
    attack.

CVE-2019-9497

    Reflection attack against EAP-pwd server implementation: a lack of
    validation of received scalar and elements value in the EAP-pwd-
Commit
    messages could result in attacks that would be able to complete
EAP-pwd
    authentication exchange without the attacker having to know the
password.
    This does not result in the attacker being able to derive the
session key,
    complete the following key exchange and access the network.

CVE-2019-9498

    EAP-pwd server missing commit validation for scalar/element:
hostapd
    doesn't validate values received in the EAP-pwd-Commit message, so
an
    attacker could use a specially crafted commit message to manipulate
the
    exchange in order for hostapd to derive a session key from a
limited set of
    possible values. This could result in an attacker being able to
complete
    authentication and gain access to the network.

CVE-2019-9499

    EAP-pwd peer missing commit validation for scalar/element:
wpa_supplicant
    doesn't validate values received in the EAP-pwd-Commit message, so
an
    attacker could use a specially crafted commit message to manipulate
the
    exchange in order for wpa_supplicant to derive a session key from a
limited
    set of possible values. This could result in an attacker being able
to
    complete authentication and operate as a rogue AP.

Note that the Dragonblood moniker also applies to CVE-2019-9494 and
CVE-2014-9496 which are vulnerabilities in the SAE protocol in WPA3.
SAE is not
enabled in Debian stretch builds of wpa, which is thus not vulnerable
by default.

Due to the complexity of the backporting process, the fix for these
vulnerabilities are partial. Users are advised to use strong passwords
to
prevent dictionary attacks or use a 2.7-based version from stretch-
backports
(version above 2:2.7+git20190128+0c1e29f-4).

For the stable distribution (stretch), these problems have been fixed
in
version 2:2.4-1+deb9u3.

We recommend that you upgrade your wpa packages.

For the detailed security status of wpa please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/wpa

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce at lists.debian.org

-- 
Christopher Howard, Enterprise Solutions Manager, Alaska Satellite
Internet3239 La Ree Way, Fairbanks, AK 99709P.O. Box 70, Ester, AK 99725p: 1-888-396-5623, f: 1-888-260-3584https://alaskasatelliteinternet.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.librecmc.org/pipermail/librecmc-users/attachments/20190411/121b4ffa/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 695 bytes
Desc: This is a digitally signed message part
URL: <http://lists.librecmc.org/pipermail/librecmc-users/attachments/20190411/121b4ffa/attachment.sig>


More information about the Librecmc-users mailing list