[lacnog] Vulnerability Note VU#228519

Fernando Gont fgont en si6networks.com
Vie Oct 20 05:13:00 BRST 2017


FYI PoC: <https://github.com/vanhoefm/krackattacks-test-ap-ft>



On 10/16/2017 01:55 PM, Lucimara Desiderá wrote:
> https://www.kb.cert.org/vuls/id/228519
> 
> 
> Vulnerability Note VU#228519
> Wi-Fi Protected Access II (WPA2) handshake traffic can be manipulated to
> induce nonce and session key reuse
> 
> Original Release date: 16 Oct 2017 | Last revised: 16 Oct 2017
> Print Document
> 
> Wi-Fi Protected Access II (WPA2) handshake traffic can be manipulated to
> induce nonce and session key reuse, resulting in key reinstallation by a
> wireless access point (AP) or client. An attacker within range of an
> affected AP and client may leverage these vulnerabilities to conduct
> attacks that are dependent on the data confidentiality protocols being
> used. Attacks may include arbitrary packet decryption and injection, TCP
> connection hijacking, HTTP content injection, or the replay of unicast
> and group-addressed frames.
> Description
> 
> CWE-323: Reusing a Nonce, Key Pair in Encryption
> 
> Wi-Fi Protected Access II (WPA2) handshake traffic can be manipulated to
> induce nonce and session key reuse, resulting in key reinstallation by a
> victim wireless access point (AP) or client. After establishing a
> man-in-the-middle position between an AP and client, an attacker can
> selectively manipulate the timing and transmission of messages in the
> WPA2 Four-way, Group Key, Fast Basic Service Set (BSS) Transition,
> PeerKey, Tunneled Direct-Link Setup (TDLS) PeerKey (TPK), or Wireless
> Network Management (WNM) Sleep Mode handshakes, resulting in
> out-of-sequence reception or retransmission of messages. Depending on
> the data confidentiality protocols in use (e.g. TKIP, CCMP, and GCMP)
> and situational factors, the effect of these manipulations is to reset
> nonces and replay counters and ultimately to reinstall session keys. Key
> reuse facilitates arbitrary packet decryption and injection, TCP
> connection hijacking, HTTP content injection, or the replay of unicast,
> broadcast, and multicast frames.
> 
> The following CVE IDs have been assigned to document these
> vulnerabilities in the WPA2 protocol:
> 
>     CVE-2017-13077: reinstallation of the pairwise key in the Four-way
> handshake
>     CVE-2017-13078: reinstallation of the group key in the Four-way
> handshake
>     CVE-2017-13079: reinstallation of the integrity group key in the
> Four-way handshake
>     CVE-2017-13080: reinstallation of the group key in the Group Key
> handshake
>     CVE-2017-13081: reinstallation of the integrity group key in the
> Group Key handshake
>     CVE-2017-13082: accepting a retransmitted Fast BSS Transition
> Reassociation Request and reinstalling the pairwise key while processing it
>     CVE-2017-13084: reinstallation of the STK key in the PeerKey handshake
>     CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup
> (TDLS) PeerKey (TPK) key in the TDLS handshake
>     CVE-2017-13087: reinstallation of the group key (GTK) when
> processing a Wireless Network Management (WNM) Sleep Mode Response frame
>     CVE-2017-13088: reinstallation of the integrity group key (IGTK)
> when processing a Wireless Network Management (WNM) Sleep Mode Response
> frame
> 
> 
> For a detailed description of these issues, refer to the researcher's
> website and paper.
> 
> Impact
> 
> An attacker within the wireless communications range of an affected AP
> and client may leverage these vulnerabilities to conduct attacks that
> are dependent on the data confidentiality protocol being used. Impacts
> may include arbitrary packet decryption and injection, TCP connection
> hijacking, HTTP content injection, or the replay of unicast, broadcast,
> and multicast frames.
> Solution
> 
> Install Updates
> 
> The WPA2 protocol is ubiquitous in wireless networking. The
> vulnerabilities described here are in the standard itself as opposed to
> individual implementations thereof; as such, any correct implementation
> is likely affected. Users are encouraged to install updates to affected
> products and hosts as they are available. For information about a
> specific vendor or product, check the Vendor Information section of this
> document or contact the vendor directly. Note that the vendor list below
> is not exhaustive.
> Vendor Information (Learn More)
> Vendor	Status	Date Notified	Date Updated
> Aruba Networks	Affected	28 Aug 2017	09 Oct 2017
> Cisco	Affected	28 Aug 2017	10 Oct 2017
> Espressif Systems	Affected	22 Sep 2017	13 Oct 2017
> Fortinet, Inc.	Affected	28 Aug 2017	16 Oct 2017
> FreeBSD Project	Affected	28 Aug 2017	12 Oct 2017
> HostAP	Affected	30 Aug 2017	16 Oct 2017
> Intel Corporation	Affected	28 Aug 2017	10 Oct 2017
> Juniper Networks	Affected	28 Aug 2017	28 Aug 2017
> Microchip Technology	Affected	28 Aug 2017	16 Oct 2017
> Red Hat, Inc.	Affected	28 Aug 2017	04 Oct 2017
> Samsung Mobile	Affected	28 Aug 2017	12 Oct 2017
> Toshiba Commerce Solutions	Affected	15 Sep 2017	13 Oct 2017
> Toshiba Electronic Devices & Storage Corporation	Affected	28 Aug 2017	16
> Oct 2017
> Toshiba Memory Corporation	Affected	28 Aug 2017	16 Oct 2017
> Ubiquiti Networks	Affected	28 Aug 2017	16 Oct 2017
> If you are a vendor and your product is affected, let us know.View More »
> 
> CVSS Metrics (Learn More)
> Group 	Score 	Vector
> Base 	5.4 	AV:A/AC:M/Au:N/C:P/I:P/A:P
> Temporal 	4.9 	E:POC/RL:ND/RC:C
> Environmental 	5.7 	CDP:ND/TD:H/CR:H/IR:H/AR:ND
> References
> 
>     https://cwe.mitre.org/data/definitions/323.html
>     https://www.krackattacks.com/
>     https://papers.mathyvanhoef.com/ccs2017.pdf
> 
> Credit
> 
> Thanks to Mathy Vanhoef of the imec-DistriNet group at KU Leuven for
> reporting these vulnerabilities. Mathy thanks John A. Van Boxtel for
> finding that wpa_supplicant v2.6 is also vulnerable to CVE-2017-13077.
> 
> The CERT/CC also thanks ICASI for their efforts to facilitate vendor
> collaboration on addressing these vulnerabilities.
> 
> This document was written by Joel Land.
> Other Information
> 
>     CVE IDs: CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080
> CVE-2017-13081 CVE-2017-13082 CVE-2017-13084 CVE-2017-13086
> CVE-2017-13087 CVE-2017-13088
>     Date Public: 16 Oct 2017
>     Date First Published: 16 Oct 2017
>     Date Last Updated: 16 Oct 2017
>     Document Revision: 69
> 
> Feedback
> 
> If you have feedback, comments, or additional information about this
> vulnerability, please send us email.
> Quick Search
> 
> Advanced Search »
> View Notes By
> 
>     Date Published
>     Date Public
>     Date Updated
>     CVSS Score
> 
> Report a Vulnerability
> 
> Report a VulnerabilityPlease use the Vulnerability Reporting Form to
> report a vulnerability. Alternatively, you can send us email. Be sure to
> read our vulnerability disclosure policy.
> Connect with Us
> 
>     Subscribe to our feed
>     Read the CERT/CC blog
> 
> _______________________________________________
> LACNOG mailing list
> LACNOG en lacnic.net
> https://mail.lacnic.net/mailman/listinfo/lacnog
> Cancelar suscripcion: https://mail.lacnic.net/mailman/options/lacnog
> .
> 


-- 
Fernando Gont
SI6 Networks
e-mail: fgont en si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492






Más información sobre la lista de distribución LACNOG