exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Debian Security Advisory 4430-1

Debian Security Advisory 4430-1
Posted Apr 11, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4430-1 - Mathy Vanhoef (NYUAD) and Eyal Ronen (Tel Aviv University & KU Leuven) found multiple vulnerabilities in the WPA implementation found in wpa_supplication (station) and hostapd (access point). These vulnerability are also collectively known as "Dragonblood".

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2019-9495, CVE-2019-9497, CVE-2019-9498, CVE-2019-9499
SHA-256 | e4cc520a6f88594171e81ee3cde6f6aec1740ca7d34b2fc6ac799e9719e96151

Debian Security Advisory 4430-1

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4430-1 security@debian.org
https://www.debian.org/security/ Yves-Alexis Perez
April 10, 2019 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : wpa
CVE ID : CVE-2019-9495 CVE-2019-9497 CVE-2019-9498 CVE-2019-9499
Debian Bug : 926801

Mathy Vanhoef (NYUAD) and Eyal Ronen (Tel Aviv University & KU Leuven) found
multiple vulnerabilities in the WPA implementation found in wpa_supplication
(station) and hostapd (access point). These vulnerability are also collectively
known as "Dragonblood".

CVE-2019-9495

Cache-based side-channel attack against the EAP-pwd implementation: an
attacker able to run unprivileged code on the target machine (including for
example javascript code in a browser on a smartphone) during the handshake
could deduce enough information to discover the password in a dictionary
attack.

CVE-2019-9497

Reflection attack against EAP-pwd server implementation: a lack of
validation of received scalar and elements value in the EAP-pwd-Commit
messages could result in attacks that would be able to complete EAP-pwd
authentication exchange without the attacker having to know the password.
This does not result in the attacker being able to derive the session key,
complete the following key exchange and access the network.

CVE-2019-9498

EAP-pwd server missing commit validation for scalar/element: hostapd
doesn't validate values received in the EAP-pwd-Commit message, so an
attacker could use a specially crafted commit message to manipulate the
exchange in order for hostapd to derive a session key from a limited set of
possible values. This could result in an attacker being able to complete
authentication and gain access to the network.

CVE-2019-9499

EAP-pwd peer missing commit validation for scalar/element: wpa_supplicant
doesn't validate values received in the EAP-pwd-Commit message, so an
attacker could use a specially crafted commit message to manipulate the
exchange in order for wpa_supplicant to derive a session key from a limited
set of possible values. This could result in an attacker being able to
complete authentication and operate as a rogue AP.

Note that the Dragonblood moniker also applies to CVE-2019-9494 and
CVE-2014-9496 which are vulnerabilities in the SAE protocol in WPA3. SAE is not
enabled in Debian stretch builds of wpa, which is thus not vulnerable by default.

Due to the complexity of the backporting process, the fix for these
vulnerabilities are partial. Users are advised to use strong passwords to
prevent dictionary attacks or use a 2.7-based version from stretch-backports
(version above 2:2.7+git20190128+0c1e29f-4).

For the stable distribution (stretch), these problems have been fixed in
version 2:2.4-1+deb9u3.

We recommend that you upgrade your wpa packages.

For the detailed security status of wpa please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/wpa

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAlyu2lQACgkQ3rYcyPpX
RFtamggAlq8telLPhKzD1+Ns+Pci+Y+WkOAmUpn4XQ0TOmG18sDU1iS2xNHF+buA
lXVKLp7zgE4VFJsclHAJXtp8anyo7YU99NzUcSF6vboRm3msifL4eE3S7IS9fAaH
0WWCHwlHMf9IGHqBn9mkwiYySwlId8ps3lvoVV2EOB4wJqa4Y6d4YrqPyFzWop56
jKTlTcJqvQBUFo/y9In/sx8QgONhNwnNAKcrBfiVwn8QHuMRA4c4UJz+NN38ctyt
djA/zqT/uXwWhr8Mfl7J+rfdsC5TFPl45qr/gbmB7GRlU2la0dGJv/l0afbINrrG
NoAgpOeMrwijIdDJ9vG6O3YVV6bIkg==OkO5
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close