[ASA-201710-23] hostapd: man-in-the-middle

2017-10-16 00:00:00
security.archlinux.org

CVSS2: 5.8 (AV:A/AC:L/Au:N/C:P/I:P/A:P)
  Attack Vector: ADJACENT_NETWORK
  Attack Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact: PARTIAL
  Availability Impact: PARTIAL

CVSS3: 8.1 (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
  Attack Vector: ADJACENT
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: NONE

EPSS: 0.004 (percentile 74.4%)

Arch Linux Security Advisory ASA-201710-23

Severity: High
Date : 2017-10-16
CVE-ID : CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080
CVE-2017-13081 CVE-2017-13082 CVE-2017-13087 CVE-2017-13088
Package : hostapd
Type : man-in-the-middle
Remote : Yes
Link : https://security.archlinux.org/AVG-448

Summary

The package hostapd before version 2.6-6 is vulnerable to man-in-the-middle.

Resolution

Upgrade to 2.6-6.

pacman -Syu "hostapd>=2.6-6"

The problems have been fixed upstream but no release is available yet.

Workaround

None.

Description

  • CVE-2017-13077 (man-in-the-middle)

A vulnerability has been discovered that allows reinstallation of the
pairwise encryption key (PTK-TK) in the 4-way handshake.

  • CVE-2017-13078 (man-in-the-middle)

A vulnerability has been discovered that allows reinstallation of the
group key (GTK) in the 4-way handshake.

  • CVE-2017-13079 (man-in-the-middle)

A vulnerability has been discovered that allows reinstallation of the
integrity group key (IGTK) in the 4-way handshake.

  • CVE-2017-13080 (man-in-the-middle)

A vulnerability has been discovered that allows reinstallation of the
group key (GTK) in the group key handshake.

  • CVE-2017-13081 (man-in-the-middle)

A vulnerability has been discovered that allows reinstallation of the
integrity group key (IGTK) in the group key handshake.

  • CVE-2017-13082 (man-in-the-middle)

A vulnerability has been discovered that allows accepting a
retransmitted FT (802.11r Fast BSS Transition) Reassociation Request
and reinstalling the pairwise key (PTK) while processing it.

  • CVE-2017-13087 (man-in-the-middle)

A vulnerability has been discovered that allows reinstallation of the
group key (GTK) when processing a Wireless Network Management (WNM)
Sleep Mode Response frame.

  • CVE-2017-13088 (man-in-the-middle)

A vulnerability has been discovered that allows reinstallation of the
integrity group key (IGTK) when processing a Wireless Network
Management (WNM) Sleep Mode Response frame.

Impact

A remote attacker in physical proximity to the target WiFi network is
able to decrypt all data that the victim transmits, inject arbitrary
packets to hijack TCP connections, or replay unicast and group-addressed
frames. Reinstalling a key that is already in use resets the packet
number (the CCMP nonce) and the receive replay counter tied to it, so
new frames are encrypted with an already-used keystream and previously
seen frames are accepted again.
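The key-reinstallation mechanism shared by the CVEs above, together with the decryption and replay consequences described under Impact, as an added Python illustration (not code from hostapd, wpa_supplicant or this advisory). It models the per-key state a WPA2 peer keeps (temporal key, transmit packet number, receive replay counter), the vulnerable install path that resets that state on every message 3, and the patched path that refuses to reinstall a key already in use. Real CCMP uses AES-CCM; a SHA-256 counter keystream stands in for it here and is an assumption, as are the session key, the frame contents and all names.

```python
"""Why reinstalling a WPA2 key that is already in use is exploitable.

Added illustration, not code from hostapd, wpa_supplicant or the advisory.
The SHA-256 counter keystream is a stand-in for CCMP's AES-CCM keystream;
it keeps the one property the attack needs: the keystream is a function of
(key, packet number) only. Key, frames and names are constructed.
"""
import hashlib
from dataclasses import dataclass
from typing import Optional, Tuple


def keystream(key: bytes, pn: int, length: int) -> bytes:
    """Stand-in for the per-frame CCMP keystream: depends on (key, PN)."""
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(key + pn.to_bytes(6, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


@dataclass
class Peer:
    """One side of the handshake. `fixed` selects the patched behaviour."""
    fixed: bool
    tk: Optional[bytes] = None
    installed: bool = False
    tx_pn: int = 0          # next packet number used when sending
    rx_replay: int = -1     # highest packet number accepted so far

    def install_tk(self, tk: bytes) -> None:
        """Called on message 3 of the 4-way handshake and on every
        retransmission of it. Installing a key resets PN and the replay
        counter; the patched path skips the install when the same key is
        already in use, so a replayed message 3 no longer resets them."""
        if self.fixed and self.installed and tk == self.tk:
            return
        self.tk = tk
        self.installed = True
        self.tx_pn = 0
        self.rx_replay = -1

    def send(self, plaintext: bytes) -> Tuple[int, bytes]:
        """Encrypt one data frame under the current (TK, PN), then advance PN."""
        pn = self.tx_pn
        self.tx_pn += 1
        return pn, xor(plaintext, keystream(self.tk, pn, len(plaintext)))

    def receive(self, pn: int, ciphertext: bytes) -> Optional[bytes]:
        """Replay check: a frame whose PN is not above the counter is dropped."""
        if pn <= self.rx_replay:
            return None
        self.rx_replay = pn
        return xor(ciphertext, keystream(self.tk, pn, len(ciphertext)))


TK = hashlib.sha256(b"constructed session key").digest()[:16]
KNOWN = b"GET /login HTTP/1.1\r\nHost: ex"     # constructed: attacker can guess it
SECRET = b"password=hunter2&token=9f1c03"     # constructed: what the attacker wants


def keystream_reuse(fixed: bool) -> Optional[bytes]:
    """Decryption side of the impact: the station sends one frame, the
    attacker replays message 3, the station sends another frame. If the PN
    was reset, both frames share a keystream and c1 XOR c2 XOR known
    recovers the second plaintext without the key."""
    sta = Peer(fixed)
    sta.install_tk(TK)              # genuine message 3
    pn1, c1 = sta.send(KNOWN)
    sta.install_tk(TK)              # attacker-replayed message 3
    pn2, c2 = sta.send(SECRET)
    if pn1 != pn2:
        return None                 # PN advanced: no keystream reuse
    return xor(xor(c1, c2), KNOWN)


def frame_replay(fixed: bool) -> bool:
    """Replay side of the impact: a frame the AP already delivered is
    captured and resent after the receiver's key was reinstalled. Returns
    True when the receiver accepts it a second time."""
    ap, sta = Peer(fixed), Peer(fixed)
    ap.install_tk(TK)
    sta.install_tk(TK)
    pn, ct = ap.send(b"first delivery")
    first = sta.receive(pn, ct)     # accepted, rx_replay becomes pn
    second = sta.receive(pn, ct)    # rejected, pn is not above rx_replay
    sta.install_tk(TK)              # attacker-replayed message 3
    third = sta.receive(pn, ct)
    return first is not None and second is None and third is not None
```

With `fixed=False`, `keystream_reuse` returns the second plaintext and `frame_replay` returns True; with `fixed=True` the replayed message 3 is ignored, the packet number keeps advancing, and both attacks fail. The group-key cases (GTK, IGTK) follow the same pattern on the group key's replay counter and are not modelled separately.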

References

https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
https://papers.mathyvanhoef.com/ccs2017.pdf
https://www.kb.cert.org/vuls/id/228519
https://www.krackattacks.com/
https://w1.fi/cgit/hostap/commit/?id=53bb18cc8b7a4da72e47e4b3752d0d2135cffb23
https://w1.fi/cgit/hostap/commit/?id=0adc9b28b39d414d5febfff752f6a1576f785c85
https://w1.fi/cgit/hostap/commit/?id=cb5132bb35698cc0c743e34fe0e845dfc4c3e410
https://w1.fi/cgit/hostap/commit/?id=0e3bd7ac684a2289aa613347e2f3ad54ad6a9449
https://w1.fi/cgit/hostap/commit/?id=e760851176c77ae6de19821bb1d5bf3ae2cb5187
https://w1.fi/cgit/hostap/commit/?id=2a9c5217b18be9462a5329626e2f95cc7dd8d4f1
https://w1.fi/cgit/hostap/commit/?id=87e2db16bafcbc60b8d0016175814a73c1e8ed45
https://security.archlinux.org/CVE-2017-13077
https://security.archlinux.org/CVE-2017-13078
https://security.archlinux.org/CVE-2017-13079
https://security.archlinux.org/CVE-2017-13080
https://security.archlinux.org/CVE-2017-13081
https://security.archlinux.org/CVE-2017-13082
https://security.archlinux.org/CVE-2017-13087
https://security.archlinux.org/CVE-2017-13088

OS          Version  Architecture  Package  Version  Filename
Arch Linux  any      any           hostapd  < 2.6-6  UNKNOWN
