Gentoo update for hostapd and wpa

1) Key management errors

EUVDB-ID: #VU8837

Risk: High

CVSSv3.1: 9.1 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C]

CVE-ID: CVE-2017-13077

CWE-ID: CWE-320 - Key Management Errors

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used pairwise key.

The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.

Mitigation

Update the affected packages.
net-wireless/hostapd to version: 2.6-r1

Vulnerable software versions

Gentoo Linux: All versions

CPE2.3

cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:

External links

http://security.gentoo.org/glsa/201711-03

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Key management errors

EUVDB-ID: #VU8838

Risk: High

CVSSv3.1: 9.1 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C]

CVE-ID: CVE-2017-13078

CWE-ID: CWE-320 - Key Management Errors

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used group key.

The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.

Mitigation

Update the affected packages.
net-wireless/hostapd to version: 2.6-r1

Vulnerable software versions

Gentoo Linux: All versions

CPE2.3

cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:

External links

http://security.gentoo.org/glsa/201711-03

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

3) Key management errors

EUVDB-ID: #VU8839

Risk: High

CVSSv3.1: 9.1 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C]

CVE-ID: CVE-2017-13079

CWE-ID: CWE-320 - Key Management Errors

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used integrity group key.

The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.

Mitigation

Update the affected packages.
net-wireless/hostapd to version: 2.6-r1

Vulnerable software versions

Gentoo Linux: All versions

CPE2.3

cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:

External links

http://security.gentoo.org/glsa/201711-03

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

4) Key management errors

EUVDB-ID: #VU8840

Risk: Medium

CVSSv3.1: 9.1 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C]

CVE-ID: CVE-2017-13080

CWE-ID: CWE-320 - Key Management Errors

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used group key.

The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.

The vulnerability is dubbed "KRACK" attack.

Mitigation

Update the affected packages.
net-wireless/hostapd to version: 2.6-r1

Vulnerable software versions

Gentoo Linux: All versions

CPE2.3

cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:

External links

http://security.gentoo.org/glsa/201711-03

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

5) Key management errors

EUVDB-ID: #VU8841

Risk: High

CVSSv3.1: 9.1 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C]

CVE-ID: CVE-2017-13081

CWE-ID: CWE-320 - Key Management Errors

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used integrity group key.

The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.

Mitigation

Update the affected packages.
net-wireless/hostapd to version: 2.6-r1

Vulnerable software versions

Gentoo Linux: All versions

CPE2.3

cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:

External links

http://security.gentoo.org/glsa/201711-03

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

6) Key management errors

EUVDB-ID: #VU8842

Risk: High

CVSSv3.1: 9.1 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C]

CVE-ID: CVE-2017-13082

CWE-ID: CWE-320 - Key Management Errors

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used pairwise key.

The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.

Mitigation

Update the affected packages.
net-wireless/hostapd to version: 2.6-r1

Vulnerable software versions

Gentoo Linux: All versions

CPE2.3

cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:

External links

http://security.gentoo.org/glsa/201711-03

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

7) Key management errors

EUVDB-ID: #VU8844

Risk: High

CVSSv3.1: 9.1 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C]

CVE-ID: CVE-2017-13084

CWE-ID: CWE-320 - Key Management Errors

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to force an STSL to reinstall a previously used STK.

The weakness exists in the processing of the 802.11i 4-way PeerKey handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used messages exchanges between stations.

Mitigation

Update the affected packages.
net-wireless/hostapd to version: 2.6-r1

Vulnerable software versions

Gentoo Linux: All versions

CPE2.3

cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:

External links

http://security.gentoo.org/glsa/201711-03

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

8) Key management errors

EUVDB-ID: #VU8845

Risk: High

CVSSv3.1: 9.1 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C]

CVE-ID: CVE-2017-13086

CWE-ID: CWE-320 - Key Management Errors

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to force a supplicant that is compliant with the 802.11z standard to reinstall a previously used TPK key.

The weakness exists in the processing of the 802.11z (Extensions to Direct-Link Setup) TDLS handshake messages due to ambiguities in the processing of associated protocol messages. An adjacent attacker can passively eavesdrop on a TDLS handshake and retransmit previously used message exchanges between supplicant and authenticator.

Mitigation

Update the affected packages.
net-wireless/hostapd to version: 2.6-r1

Vulnerable software versions

Gentoo Linux: All versions

CPE2.3

cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:

External links

http://security.gentoo.org/glsa/201711-03

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

9) Key management errors

EUVDB-ID: #VU8846

Risk: High

CVSSv3.1: 9.1 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C]

CVE-ID: CVE-2017-13087

CWE-ID: CWE-320 - Key Management Errors

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to force a supplicant that is compliant with the 802.11v standard to reinstall a previously used group key.

The weakness exists in the processing of the 802.11v (Wireless Network Management) Sleep Mode Response frames due to ambiguities in the processing of associated protocol messages. An adjacent attacker can passively eavesdrop and retransmit previously used WNM Sleep Mode Response frames.

Mitigation

Update the affected packages.
net-wireless/hostapd to version: 2.6-r1

Vulnerable software versions

Gentoo Linux: All versions

CPE2.3

cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:

External links

http://security.gentoo.org/glsa/201711-03

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

10) Key management errors

EUVDB-ID: #VU8847

Risk: High

CVSSv3.1: 9.1 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C]

CVE-ID: CVE-2017-13088

CWE-ID: CWE-320 - Key Management Errors

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to force a supplicant that is compliant with the 802.11v standard to reinstall a previously used integrity group key.

The weakness exists in the processing of the 802.11v (Wireless Network Management) Sleep Mode Response frames due to ambiguities in the processing of associated protocol messages. An adjacent attacker can passively eavesdrop and retransmit previously used WNM Sleep Mode Response frames.

Mitigation

Update the affected packages.
net-wireless/hostapd to version: 2.6-r1

Vulnerable software versions

Gentoo Linux: All versions

CPE2.3

cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:

External links

http://security.gentoo.org/glsa/201711-03

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

Risk	High
Patch available	YES
Number of vulnerabilities	10
CVE-ID	CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13082 CVE-2017-13084 CVE-2017-13086 CVE-2017-13087 CVE-2017-13088
CWE-ID	CWE-320
Exploitation vector	Local network
Public exploit	Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. Public exploit code for vulnerability #3 is available. Public exploit code for vulnerability #4 is available. Public exploit code for vulnerability #5 is available. Public exploit code for vulnerability #6 is available. Public exploit code for vulnerability #7 is available. Public exploit code for vulnerability #8 is available. Public exploit code for vulnerability #9 is available. Public exploit code for vulnerability #10 is available.
Vulnerable software Subscribe	Gentoo Linux Operating systems & Components / Operating system
Vendor	Gentoo

Gentoo update for hostapd and wpa_supplicant

1) Key management errors

2) Key management errors

3) Key management errors

4) Key management errors

5) Key management errors

6) Key management errors

7) Key management errors

8) Key management errors

9) Key management errors

10) Key management errors