Executive Summary
Summary | |
---|---|
Title | wpa security update |
Informations | |||
---|---|---|---|
Name | DSA-4430 | First vendor Publication | 2019-04-10 |
Vendor | Debian | Last vendor Modification | 2019-04-10 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Mathy Vanhoef (NYUAD) and Eyal Ronen (Tel Aviv University & KU Leuven) found multiple vulnerabilities in the WPA implementation found in wpa_supplication (station) and hostapd (access point). These vulnerability are also collectively known as "Dragonblood". CVE-2019-9495 Cache-based side-channel attack against the EAP-pwd implementation: an attacker able to run unprivileged code on the target machine (including for example javascript code in a browser on a smartphone) during the handshake could deduce enough information to discover the password in a dictionary attack. CVE-2019-9497 Reflection attack against EAP-pwd server implementation: a lack of validation of received scalar and elements value in the EAP-pwd-Commit messages could result in attacks that would be able to complete EAP-pwd authentication exchange without the attacker having to know the password. This does not result in the attacker being able to derive the session key, complete the following key exchange and access the network. CVE-2019-9498 EAP-pwd server missing commit validation for scalar/element: hostapd doesn't validate values received in the EAP-pwd-Commit message, so an attacker could use a specially crafted commit message to manipulate the exchange in order for hostapd to derive a session key from a limited set of possible values. This could result in an attacker being able to complete authentication and gain access to the network. CVE-2019-9499 EAP-pwd peer missing commit validation for scalar/element: wpa_supplicant doesn't validate values received in the EAP-pwd-Commit message, so an attacker could use a specially crafted commit message to manipulate the exchange in order for wpa_supplicant to derive a session key from a limited set of possible values. This could result in an attacker being able to complete authentication and operate as a rogue AP. Note that the Dragonblood moniker also applies to CVE-2019-9494 and CVE-2014-9496 which are vulnerabilities in the SAE protocol in WPA3. SAE is not enabled in Debian stretch builds of wpa, which is thus not vulnerable by default. Due to the complexity of the backporting process, the fix for these vulnerabilities are partial. Users are advised to use strong passwords to prevent dictionary attacks or use a 2.7-based version from stretch-backports (version above 2:2.7+git20190128+0c1e29f-4). For the stable distribution (stretch), these problems have been fixed in version 2:2.4-1+deb9u3. We recommend that you upgrade your wpa packages. For the detailed security status of wpa please refer to its security tracker page at: https://security-tracker.debian.org/tracker/wpa |
Original Source
Url : http://www.debian.org/security/2019/dsa-4430 |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 3 | |
Os | 4 | |
Os | 1 | |
Os | 2 | |
Os | 1 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2017-05-01 | Name : The remote Debian host is missing a security update. File : debian_DLA-928.nasl - Type : ACT_GATHER_INFO |
2016-12-05 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201612-03.nasl - Type : ACT_GATHER_INFO |
2016-02-09 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2016-039-02.nasl - Type : ACT_GATHER_INFO |
2015-12-08 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2832-1.nasl - Type : ACT_GATHER_INFO |
2015-12-01 | Name : The remote Debian host is missing a security update. File : debian_DLA-356.nasl - Type : ACT_GATHER_INFO |
2015-03-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-149.nasl - Type : ACT_GATHER_INFO |
2015-01-29 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libsndfile-150123.nasl - Type : ACT_GATHER_INFO |
2015-01-16 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-024.nasl - Type : ACT_GATHER_INFO |
2015-01-15 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2015-18.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2019-04-11 09:18:12 |
|