• [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-17:07.wpa [REVI

    From FreeBSD Security Advisories@21:1/5 to All on Thu Oct 19 04:00:00 2017
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    ============================================================================= FreeBSD-SA-17:07.wpa Security Advisory
    The FreeBSD Project

    Topic: WPA2 protocol vulnerability

    Category: contrib
    Module: wpa
    Announced: 2017-10-16
    Credits: Mathy Vanhoef
    Affects: All supported versions of FreeBSD.
    Corrected: 2017-10-17 17:30:18 UTC (stable/11, 11.1-STABLE)
    2017-10-17 17:57:18 UTC (releng/11.1, 11.1-RELEASE-p2)
    2017-10-17 17:56:03 UTC (releng/11.0, 11.0-RELEASE-p13)
    2017-10-19 03:18:22 UTC (stable/10, 10.4-STABLE)
    2017-10-19 03:20:17 UTC (releng/10.4, 10.4-RELEASE-p1)
    2017-10-19 03:19:42 UTC (releng/10.3, 10.3-RELEASE-p22)
    CVE Name: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079,
    CVE-2017-13080, CVE-2017-13081, CVE-2017-13082,
    CVE-2017-13086, CVE-2017-13087, CVE-2017-13088

    For general information regarding FreeBSD Security Advisories,
    including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>.

    0. Revision history

    v1.0 2017-10-17 Initial release.
    v1.1 2017-10-19 Add patches for 10.x releases.

    I. Background

    Wi-Fi Protected Access II (WPA2) is a security protocol developed by the
    Wi-Fi Alliance to secure wireless computer networks.

    hostapd and wpa_supplicant are implementations of user space daemon for
    access points and wireless client that implements the WPA2 protocol.

    II. Problem Description

    A vulnerability was found in how a number of implementations can be
    triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by
    replaying a specific frame that is used to manage the keys.

    III. Impact

    Such reinstallation of the encryption key can result in two different
    types of vulnerabilities: disabling replay protection and significantly reducing the security of encryption to the point of allowing frames to
    be decrypted or some parts of the keys to be determined by an attacker depending on which cipher is used.

    IV. Workaround

    An updated version of wpa_supplicant is available in the FreeBSD Ports Collection. Install version 2.6_2 or later of the
    security/wpa_supplicant port/pkg. Once installed, update /etc/rc.conf
    to use the new binary:

    wpa_supplicant_program="/usr/local/sbin/wpa_supplicant"

    and restart networking.

    An updated version of hostapd is available in the FreeBSD Ports
    Collection. Install version 2.6_1 or later of the net/hostapd port/pkg.
    Once installed, update /etc/rc.conf to use the new binary:

    hostapd_program="/usr/local/sbin/hostapd"

    and restart hostapd.

    V. Solution

    Perform one of the following:

    1) Upgrade your vulnerable system to a supported FreeBSD stable or
    release / security branch (releng) dated after the correction date.

    Restart the Wi-Fi network interfaces/hostapd or reboot the system.

    2) To update your vulnerable system via a binary patch:

    Systems running a RELEASE version of FreeBSD on the i386 or amd64
    platforms can be updated via the freebsd-update(8) utility:

    # freebsd-update fetch
    # freebsd-update install

    Restart the Wi-Fi network interfaces/hostapd or reboot the system.

    3) To update your vulnerable system via a source code patch:

    The following patches have been verified to apply to the applicable
    FreeBSD release branches.

    a) Download the relevant patch from the location below, and verify the
    detached PGP signature using your PGP utility.

    [FreeBSD 11.0-RELEASE, 11.1-RELEASE, and 11-STABLE]
    # fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-11.patch
    # fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-11.patch.asc
    # gpg --verify wpa-11.patch.asc

    [FreeBSD 10.3-RELEASE, 10.4-RELEASE, and 10-STABLE]
    # fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-10.patch
    # fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-10.patch.asc
    # gpg --verify wpa-10.patch.asc

    b) Apply the patch. Execute the following commands as root:

    # cd /usr/src
    # patch < /path/to/patch

    c) Recompile the operating system using buildworld and installworld as described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.

    Restart the applicable daemons, or reboot the system.

    VI. Correction details

    The following list contains the correction revision numbers for each
    affected branch.

    Branch/path Revision
    - ------------------------------------------------------------------------- stable/11/ r324697 releng/11.0/ r324698 releng/11.1/ r324699 stable/10/ r324739 releng/10.3/ r324740 releng/10.4/ r324741
    - -------------------------------------------------------------------------

    To see which files were modified by a particular revision, run the
    following command, replacing NNNNNN with the revision number, on a
    machine with Subversion installed:

    # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

    Or visit the following URL, replacing NNNNNN with the revision number:

    <URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>

    VII. References

    <URL:https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt>
    <URL:https://www.krackattacks.com/>

    The latest revision of this advisory is available at <URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc> -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEEHPf/b631yp++G4yy7Wfs1l3PaucFAlnoGpNfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDFD RjdGRjZGQURGNUNBOUZCRTFCOENCMkVENjdFQ0Q2NURDRjZBRTcACgkQ7Wfs1l3P auc7WBAAm27w+fujv5sJsRxauUMopTVtRh5utwbDuoHTP+L+RCWmQfVBmueNQ0gf uJzMNxBIkbtY9LvyukpRsH3iD7mh26c0pd9rxxkkr4F96C9B5+W0amxJF1gdm54/ F/50FpY+lo7cNs5tiBjypPrg8UOBBI/1G4XR7130XC0HjaTwt1ngZ0oQUWUMSsIp gN5ZfPul81WPWd1NqF+vyObcJhwq/Y1uoexoO27o7GQCFZoL3enZy8c4f1xqMlVM 4HHkTgNGac6E0aW+ArH4J0DFFAOJXPqF8rdt+9XINfoBbtliIyOixJ4oh1n6eAR0 VpBWZKFNyXSlUKIvDGa+LDhxgL1jJXV0ABSyKlUOijdmr3bbbiQE9MW/MNv2AFTd OAFQ0QQtm9KCWp5JLh+FPIb/kR2l7MOUP+yz4zFcJpdGtl9tDLyPN8vRTq60bY8O y7tBcf/SMqkd/AIFdchL4zrOguKnRARydIlwTarp8wtAQI3MKSsa1B0wgsDtlL6K xfdjnwWMKvKKlNOW16e1WXXO0n/ucHV4njBE+bGPro3jLgXP2/WFZpIGAR3I4xrr SdD4AxSNiR9f3bL7LRfMIbugJAylWNSlTLWUOVUv0/ONh85LqbcCj13NI230B64K ETx2QOZgKnCs2oDNiw4aQHb7kvi2w94Iw/R1sAPkkxYJWO3reyE=
    =h/5q
    -----END PGP SIGNATURE-----
    _______________________________________________
    freebsd-announce@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-announce
    To unsubscribe, send any mail to "freebsd-announce-unsubscribe@freebsd.org"

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)