Debian DSA-3999-1 : wpa - security update (KRACK)

medium Nessus Plugin ID 103859

Language:

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it is different from CVSS.

VPR Score: 6

Synopsis

The remote Debian host is missing a security-related update.

Description

Mathy Vanhoef of the imec-DistriNet research group of KU Leuven discovered multiple vulnerabilities in the WPA protocol, used for authentication in wireless networks. Those vulnerabilities apply to both the access point (implemented in hostapd) and the station (implemented in wpa_supplicant).

An attacker exploiting the vulnerabilities could force the vulnerable system to reuse cryptographic session keys, enabling a range of cryptographic attacks against the ciphers used in WPA1 and WPA2.

More information can be found in the researchers's paper, Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2.

 - CVE-2017-13077 :
 reinstallation of the pairwise key in the Four-way handshake

 - CVE-2017-13078 :
 reinstallation of the group key in the Four-way handshake

 - CVE-2017-13079 :
 reinstallation of the integrity group key in the Four-way handshake

 - CVE-2017-13080 :
 reinstallation of the group key in the Group Key handshake

 - CVE-2017-13081 :
 reinstallation of the integrity group key in the Group Key handshake

 - CVE-2017-13082 :
 accepting a retransmitted Fast BSS Transition Reassociation Request and reinstalling the pairwise key while processing it

 - CVE-2017-13086 :
 reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake

 - CVE-2017-13087 :
 reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame

 - CVE-2017-13088 :
 reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame

Solution

Upgrade the wpa packages.

For the oldstable distribution (jessie), these problems have been fixed in version 2.3-1+deb8u5.

For the stable distribution (stretch), these problems have been fixed in version 2:2.4-1+deb9u1.

See Also

https://www.krackattacks.com/#paper

https://security-tracker.debian.org/tracker/CVE-2017-13077

https://security-tracker.debian.org/tracker/CVE-2017-13078

https://security-tracker.debian.org/tracker/CVE-2017-13079

https://security-tracker.debian.org/tracker/CVE-2017-13080

https://security-tracker.debian.org/tracker/CVE-2017-13081

https://security-tracker.debian.org/tracker/CVE-2017-13082

https://security-tracker.debian.org/tracker/CVE-2017-13086

https://security-tracker.debian.org/tracker/CVE-2017-13087

https://security-tracker.debian.org/tracker/CVE-2017-13088

https://packages.debian.org/source/jessie/wpa

https://packages.debian.org/source/stretch/wpa

https://www.debian.org/security/2017/dsa-3999

Plugin Details

Severity: Medium

ID: 103859

File Name: debian_DSA-3999.nasl

Version: 3.12

Type: local

Agent: unix

Published: 10/17/2017

Updated: 1/4/2021

Dependencies: ssh_get_info.nasl

Risk Information

Risk Factor: Medium

VPR Score: 6

CVSS v2.0

Base Score: 5.8

Vector: AV:A/AC:L/Au:N/C:P/I:P/A:P

CVSS v3.0

Base Score: 8.1

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:wpa, cpe:/o:debian:debian_linux:8.0, cpe:/o:debian:debian_linux:9.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 10/16/2017

Reference Information

CVE: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088

DSA: 3999

IAVA: 2017-A-0310