[lacnog] Vulnerability Note VU#228519
Fernando Gont
fgont en si6networks.com
Vie Oct 20 05:13:00 BRST 2017
FYI PoC: <https://github.com/vanhoefm/krackattacks-test-ap-ft>
On 10/16/2017 01:55 PM, Lucimara Desiderá wrote:
> https://www.kb.cert.org/vuls/id/228519
>
>
> Vulnerability Note VU#228519
> Wi-Fi Protected Access II (WPA2) handshake traffic can be manipulated to
> induce nonce and session key reuse
>
> Original Release date: 16 Oct 2017 | Last revised: 16 Oct 2017
> Print Document
>
> Wi-Fi Protected Access II (WPA2) handshake traffic can be manipulated to
> induce nonce and session key reuse, resulting in key reinstallation by a
> wireless access point (AP) or client. An attacker within range of an
> affected AP and client may leverage these vulnerabilities to conduct
> attacks that are dependent on the data confidentiality protocols being
> used. Attacks may include arbitrary packet decryption and injection, TCP
> connection hijacking, HTTP content injection, or the replay of unicast
> and group-addressed frames.
> Description
>
> CWE-323: Reusing a Nonce, Key Pair in Encryption
>
> Wi-Fi Protected Access II (WPA2) handshake traffic can be manipulated to
> induce nonce and session key reuse, resulting in key reinstallation by a
> victim wireless access point (AP) or client. After establishing a
> man-in-the-middle position between an AP and client, an attacker can
> selectively manipulate the timing and transmission of messages in the
> WPA2 Four-way, Group Key, Fast Basic Service Set (BSS) Transition,
> PeerKey, Tunneled Direct-Link Setup (TDLS) PeerKey (TPK), or Wireless
> Network Management (WNM) Sleep Mode handshakes, resulting in
> out-of-sequence reception or retransmission of messages. Depending on
> the data confidentiality protocols in use (e.g. TKIP, CCMP, and GCMP)
> and situational factors, the effect of these manipulations is to reset
> nonces and replay counters and ultimately to reinstall session keys. Key
> reuse facilitates arbitrary packet decryption and injection, TCP
> connection hijacking, HTTP content injection, or the replay of unicast,
> broadcast, and multicast frames.
>
> The following CVE IDs have been assigned to document these
> vulnerabilities in the WPA2 protocol:
>
> CVE-2017-13077: reinstallation of the pairwise key in the Four-way
> handshake
> CVE-2017-13078: reinstallation of the group key in the Four-way
> handshake
> CVE-2017-13079: reinstallation of the integrity group key in the
> Four-way handshake
> CVE-2017-13080: reinstallation of the group key in the Group Key
> handshake
> CVE-2017-13081: reinstallation of the integrity group key in the
> Group Key handshake
> CVE-2017-13082: accepting a retransmitted Fast BSS Transition
> Reassociation Request and reinstalling the pairwise key while processing it
> CVE-2017-13084: reinstallation of the STK key in the PeerKey handshake
> CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup
> (TDLS) PeerKey (TPK) key in the TDLS handshake
> CVE-2017-13087: reinstallation of the group key (GTK) when
> processing a Wireless Network Management (WNM) Sleep Mode Response frame
> CVE-2017-13088: reinstallation of the integrity group key (IGTK)
> when processing a Wireless Network Management (WNM) Sleep Mode Response
> frame
>
>
> For a detailed description of these issues, refer to the researcher's
> website and paper.
>
> Impact
>
> An attacker within the wireless communications range of an affected AP
> and client may leverage these vulnerabilities to conduct attacks that
> are dependent on the data confidentiality protocol being used. Impacts
> may include arbitrary packet decryption and injection, TCP connection
> hijacking, HTTP content injection, or the replay of unicast, broadcast,
> and multicast frames.
> Solution
>
> Install Updates
>
> The WPA2 protocol is ubiquitous in wireless networking. The
> vulnerabilities described here are in the standard itself as opposed to
> individual implementations thereof; as such, any correct implementation
> is likely affected. Users are encouraged to install updates to affected
> products and hosts as they are available. For information about a
> specific vendor or product, check the Vendor Information section of this
> document or contact the vendor directly. Note that the vendor list below
> is not exhaustive.
> Vendor Information (Learn More)
> Vendor Status Date Notified Date Updated
> Aruba Networks Affected 28 Aug 2017 09 Oct 2017
> Cisco Affected 28 Aug 2017 10 Oct 2017
> Espressif Systems Affected 22 Sep 2017 13 Oct 2017
> Fortinet, Inc. Affected 28 Aug 2017 16 Oct 2017
> FreeBSD Project Affected 28 Aug 2017 12 Oct 2017
> HostAP Affected 30 Aug 2017 16 Oct 2017
> Intel Corporation Affected 28 Aug 2017 10 Oct 2017
> Juniper Networks Affected 28 Aug 2017 28 Aug 2017
> Microchip Technology Affected 28 Aug 2017 16 Oct 2017
> Red Hat, Inc. Affected 28 Aug 2017 04 Oct 2017
> Samsung Mobile Affected 28 Aug 2017 12 Oct 2017
> Toshiba Commerce Solutions Affected 15 Sep 2017 13 Oct 2017
> Toshiba Electronic Devices & Storage Corporation Affected 28 Aug 2017 16
> Oct 2017
> Toshiba Memory Corporation Affected 28 Aug 2017 16 Oct 2017
> Ubiquiti Networks Affected 28 Aug 2017 16 Oct 2017
> If you are a vendor and your product is affected, let us know.View More »
>
> CVSS Metrics (Learn More)
> Group Score Vector
> Base 5.4 AV:A/AC:M/Au:N/C:P/I:P/A:P
> Temporal 4.9 E:POC/RL:ND/RC:C
> Environmental 5.7 CDP:ND/TD:H/CR:H/IR:H/AR:ND
> References
>
> https://cwe.mitre.org/data/definitions/323.html
> https://www.krackattacks.com/
> https://papers.mathyvanhoef.com/ccs2017.pdf
>
> Credit
>
> Thanks to Mathy Vanhoef of the imec-DistriNet group at KU Leuven for
> reporting these vulnerabilities. Mathy thanks John A. Van Boxtel for
> finding that wpa_supplicant v2.6 is also vulnerable to CVE-2017-13077.
>
> The CERT/CC also thanks ICASI for their efforts to facilitate vendor
> collaboration on addressing these vulnerabilities.
>
> This document was written by Joel Land.
> Other Information
>
> CVE IDs: CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080
> CVE-2017-13081 CVE-2017-13082 CVE-2017-13084 CVE-2017-13086
> CVE-2017-13087 CVE-2017-13088
> Date Public: 16 Oct 2017
> Date First Published: 16 Oct 2017
> Date Last Updated: 16 Oct 2017
> Document Revision: 69
>
> Feedback
>
> If you have feedback, comments, or additional information about this
> vulnerability, please send us email.
> Quick Search
>
> Advanced Search »
> View Notes By
>
> Date Published
> Date Public
> Date Updated
> CVSS Score
>
> Report a Vulnerability
>
> Report a VulnerabilityPlease use the Vulnerability Reporting Form to
> report a vulnerability. Alternatively, you can send us email. Be sure to
> read our vulnerability disclosure policy.
> Connect with Us
>
> Subscribe to our feed
> Read the CERT/CC blog
>
> _______________________________________________
> LACNOG mailing list
> LACNOG en lacnic.net
> https://mail.lacnic.net/mailman/listinfo/lacnog
> Cancelar suscripcion: https://mail.lacnic.net/mailman/options/lacnog
> .
>
--
Fernando Gont
SI6 Networks
e-mail: fgont en si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
Más información sobre la lista de distribución LACNOG