Commit 8f89f4f8 authored by Lev Lamberov's avatar Lev Lamberov

[SECURITY] [DSA 4430-1] wpa security update

parent b5a1a447
<define-tag pagetitle>DSA-4430-1 wpa</define-tag>
<define-tag report_date>2019-4-10</define-tag>
<define-tag secrefs>CVE-2019-9495 CVE-2019-9497 CVE-2019-9498 CVE-2019-9499 Bug#926801</define-tag>
<define-tag packages>wpa</define-tag>
<define-tag isvulnerable>yes</define-tag>
<define-tag fixed>yes</define-tag>
<define-tag fixed-section>no</define-tag>
#use wml::debian::security
</dl>
<define-tag description>security update</define-tag>
<define-tag moreinfo>
<p>Mathy Vanhoef (NYUAD) and Eyal Ronen (Tel Aviv University & KU Leuven) found
multiple vulnerabilities in the WPA implementation found in wpa_supplication
(station) and hostapd (access point). These vulnerability are also collectively
known as <q>Dragonblood</q>.</p>
<ul>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2019-9495">CVE-2019-9495</a>
<p>Cache-based side-channel attack against the EAP-pwd implementation: an
attacker able to run unprivileged code on the target machine (including for
example javascript code in a browser on a smartphone) during the handshake
could deduce enough information to discover the password in a dictionary
attack.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2019-9497">CVE-2019-9497</a>
<p>Reflection attack against EAP-pwd server implementation: a lack of
validation of received scalar and elements value in the EAP-pwd-Commit
messages could result in attacks that would be able to complete EAP-pwd
authentication exchange without the attacker having to know the password.
This does not result in the attacker being able to derive the session key,
complete the following key exchange and access the network.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2019-9498">CVE-2019-9498</a>
<p>EAP-pwd server missing commit validation for scalar/element: hostapd
doesn't validate values received in the EAP-pwd-Commit message, so an
attacker could use a specially crafted commit message to manipulate the
exchange in order for hostapd to derive a session key from a limited set of
possible values. This could result in an attacker being able to complete
authentication and gain access to the network.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2019-9499">CVE-2019-9499</a>
<p>EAP-pwd peer missing commit validation for scalar/element: wpa_supplicant
doesn't validate values received in the EAP-pwd-Commit message, so an
attacker could use a specially crafted commit message to manipulate the
exchange in order for wpa_supplicant to derive a session key from a limited
set of possible values. This could result in an attacker being able to
complete authentication and operate as a rogue AP.</p>
</ul>
<p>Note that the Dragonblood moniker also applies to
<a href="https://security-tracker.debian.org/tracker/CVE-2019-9494">\
CVE-2019-9494</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2014-9496">\
CVE-2014-9496</a> which are vulnerabilities in the SAE protocol in WPA3. SAE is not
enabled in Debian stretch builds of wpa, which is thus not vulnerable by default.</p>
<p>Due to the complexity of the backporting process, the fix for these
vulnerabilities are partial. Users are advised to use strong passwords to
prevent dictionary attacks or use a 2.7-based version from stretch-backports
(version above 2:2.7+git20190128+0c1e29f-4).</p>
<p>For the stable distribution (stretch), these problems have been fixed in
version 2:2.4-1+deb9u3.</p>
<p>We recommend that you upgrade your wpa packages.</p>
<p>For the detailed security status of wpa please refer to
its security tracker page at:
<a href="https://security-tracker.debian.org/tracker/wpa">\
https://security-tracker.debian.org/tracker/wpa</a></p>
</define-tag>
# do not modify the following line
#include "$(ENGLISHDIR)/security/2019/dsa-4430.data"
# $Id: $
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment