Debian DSA-3999-1 : wpa - security update (KRACK)

high Nessus Plugin ID 103859
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote Debian host is missing a security-related update.

Description

Mathy Vanhoef of the imec-DistriNet research group of KU Leuven discovered multiple vulnerabilities in the WPA protocol, used for authentication in wireless networks. Those vulnerabilities apply to both the access point (implemented in hostapd) and the station (implemented in wpa_supplicant).

An attacker exploiting the vulnerabilities could force the vulnerable system to reuse cryptographic session keys, enabling a range of cryptographic attacks against the ciphers used in WPA1 and WPA2.

More information can be found in the researchers's paper, Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2.

- CVE-2017-13077 :
reinstallation of the pairwise key in the Four-way handshake

- CVE-2017-13078 :
reinstallation of the group key in the Four-way handshake

- CVE-2017-13079 :
reinstallation of the integrity group key in the Four-way handshake

- CVE-2017-13080 :
reinstallation of the group key in the Group Key handshake

- CVE-2017-13081 :
reinstallation of the integrity group key in the Group Key handshake

- CVE-2017-13082 :
accepting a retransmitted Fast BSS Transition Reassociation Request and reinstalling the pairwise key while processing it

- CVE-2017-13086 :
reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake

- CVE-2017-13087 :
reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame

- CVE-2017-13088 :
reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame

Solution

Upgrade the wpa packages.

For the oldstable distribution (jessie), these problems have been fixed in version 2.3-1+deb8u5.

For the stable distribution (stretch), these problems have been fixed in version 2:2.4-1+deb9u1.

See Also

https://www.krackattacks.com/#paper

https://security-tracker.debian.org/tracker/CVE-2017-13077

https://security-tracker.debian.org/tracker/CVE-2017-13078

https://security-tracker.debian.org/tracker/CVE-2017-13079

https://security-tracker.debian.org/tracker/CVE-2017-13080

https://security-tracker.debian.org/tracker/CVE-2017-13081

https://security-tracker.debian.org/tracker/CVE-2017-13082

https://security-tracker.debian.org/tracker/CVE-2017-13086

https://security-tracker.debian.org/tracker/CVE-2017-13087

https://security-tracker.debian.org/tracker/CVE-2017-13088

https://packages.debian.org/source/jessie/wpa

https://packages.debian.org/source/stretch/wpa

https://www.debian.org/security/2017/dsa-3999

Plugin Details

Severity: High

ID: 103859

File Name: debian_DSA-3999.nasl

Version: 3.12

Type: local

Agent: unix

Published: 10/17/2017

Updated: 1/4/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Vector: AV:A/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 8.1

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:wpa, cpe:/o:debian:debian_linux:8.0, cpe:/o:debian:debian_linux:9.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 10/16/2017

Reference Information

CVE: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088

DSA: 3999

IAVA: 2017-A-0310