Debian DSA-3999-1 : wpa - security update (KRACK)

high Nessus Plugin ID 103859

Synopsis

The remote Debian host is missing a security-related update.

Description

Mathy Vanhoef of the imec-DistriNet research group of KU Leuven discovered multiple vulnerabilities in the WPA protocol, used for authentication in wireless networks. Those vulnerabilities apply to both the access point (implemented in hostapd) and the station (implemented in wpa_supplicant).

An attacker exploiting the vulnerabilities could force the vulnerable system to reuse cryptographic session keys, enabling a range of cryptographic attacks against the ciphers used in WPA1 and WPA2.

More information can be found in the researchers's paper, Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2.

- CVE-2017-13077 :
reinstallation of the pairwise key in the Four-way handshake

- CVE-2017-13078 :
reinstallation of the group key in the Four-way handshake

- CVE-2017-13079 :
reinstallation of the integrity group key in the Four-way handshake

- CVE-2017-13080 :
reinstallation of the group key in the Group Key handshake

- CVE-2017-13081 :
reinstallation of the integrity group key in the Group Key handshake

- CVE-2017-13082 :
accepting a retransmitted Fast BSS Transition Reassociation Request and reinstalling the pairwise key while processing it

- CVE-2017-13086 :
reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake

- CVE-2017-13087 :
reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame

- CVE-2017-13088 :
reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame

Solution

Upgrade the wpa packages.

For the oldstable distribution (jessie), these problems have been fixed in version 2.3-1+deb8u5.

For the stable distribution (stretch), these problems have been fixed in version 2:2.4-1+deb9u1.

See Also

https://www.krackattacks.com/#paper

https://security-tracker.debian.org/tracker/CVE-2017-13077

https://security-tracker.debian.org/tracker/CVE-2017-13078

https://security-tracker.debian.org/tracker/CVE-2017-13079

https://security-tracker.debian.org/tracker/CVE-2017-13080

https://security-tracker.debian.org/tracker/CVE-2017-13081

https://security-tracker.debian.org/tracker/CVE-2017-13082

https://security-tracker.debian.org/tracker/CVE-2017-13086

https://security-tracker.debian.org/tracker/CVE-2017-13087

https://security-tracker.debian.org/tracker/CVE-2017-13088

https://packages.debian.org/source/jessie/wpa

https://packages.debian.org/source/stretch/wpa

https://www.debian.org/security/2017/dsa-3999

Plugin Details

Severity: High

ID: 103859

File Name: debian_DSA-3999.nasl

Version: 3.12

Type: local

Agent: unix

Published: 10/17/2017

Updated: 1/4/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Vector: CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 8.1

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Vulnerability Information

CPE: cpe:/o:debian:debian_linux:9.0, cpe:/o:debian:debian_linux:8.0, p-cpe:/a:debian:debian_linux:wpa

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 10/16/2017

Reference Information

CVE: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088

DSA: 3999

IAVA: 2017-A-0310