Re: linux Digest, Vol 178, Issue 10


Re: linux Digest, Vol 178, Issue 10

Samba - linux mailing list
Hi All, Has anyone heard how Suse is going to fix the Wifi Krack Vulnerability? I've been trying to find out since I run a HP with Leap and sometimes use wifi.
Anyone know when I can expect a patch to fix the problem? Or where to find it?
BTW, I found out via my IT department and confirmed it via ABC News: A new flaw in Wi-Fi affects everyone. Here's how to protect yourself


Thanks,
Sharon Doig


Sharon Doig in Canberra - Australia
E: [hidden email]

Blog:  http://www.rosiesstuffnsew.blogspot.com
********************************************
Make your mark and achieve success
or, if need be, die in the attempt.
Miriam Leslie
********************************************
 

    On Thursday, 19 October 2017, 11:01:16 pm AEDT, [hidden email] <[hidden email]> wrote:  
 
 Send linux mailing list submissions to
    [hidden email]

To subscribe or unsubscribe via the World Wide Web, visit
    https://lists.samba.org/mailman/listinfo/linux
or, via email, send a message with subject or body 'help' to
    [hidden email]

You can reach the person managing the list at
    [hidden email]

When replying, please edit your Subject line so it is more specific
than "Re: Contents of linux digest..."


Today's Topics:

  1. Re: WPA2 4-way handshake client vulnerability (steve jenkin)
  2. Fwd:  WPA2 4-way handshake client vulnerability (Simon Oxwell)
  3. Re: WPA2 4-way handshake client vulnerability (Bryan Kilgallin)
  4. Re: Fwd:  WPA2 4-way handshake client vulnerability
      (Michael Ellerman)


----------------------------------------------------------------------

Message: 1
Date: Thu, 19 Oct 2017 12:49:27 +1100
From: steve jenkin <[hidden email]>
To: CLUG List <[hidden email]>
Subject: Re: [clug] WPA2 4-way handshake client vulnerability
Message-ID: <[hidden email]>
Content-Type: text/plain; charset=utf-8

[update at end]

> On 17 Oct 2017, at 06:51, Chris Smart via linux <[hidden email]> wrote:
>
> https://www.krackattacks.com/
>
> "In a key reinstallation attack, the adversary tricks a victim into
> reinstalling an already-in-use key. This is achieved by manipulating and
> replaying cryptographic handshake messages. When the victim reinstalls
> the key, associated parameters such as the incremental transmit packet
> number (i.e. nonce) and receive packet number (i.e. replay counter) are
> reset to their initial value. Essentially, to guarantee security, a key
> should only be installed and used once. Unfortunately, we found this is
> not guaranteed by the WPA2 protocol. By manipulating cryptographic
> handshakes, we can abuse this weakness in practice....
>
> Linux's wpa_supplicant v2.6 is also vulnerable to the installation of an
> all-zero encryption key in the 4-way handshake. This was discovered by
> John A. Van Boxtel. As a result, all Android versions higher than 6.0
> are also affected by the attack, and hence can be tricked into
> installing an all-zero encryption key. The new attack works by injecting
> a forged message 1, with the same ANonce as used in the original message
> 1, before forwarding the retransmitted message 3 to the victim."
>
> —


Thanks to Chris for raising this on the list.

For those playing at home, Debian & Ubuntu released security patches a few days ago. I’d expect Fedora & RedHat would’ve done the same.
Looking at what I presume is the ‘upstream’ code, there might be another round of minor changes to come after some more testing.

My ZTE Android device hasn’t seen a ‘Play Store’ update, but maybe on Nov 6th - but would Google push kernel updates like this?
<https://www.androidcentral.com/krack>

Hadn’t checked before today, but iiNet has a firmware update dated 'Oct 18’ & another ‘Oct 19’.
But the date on file downloaded is Aug 2015 and the release/version numbers are the same [HG658 V100 R001 C138 B020]
No email from iiNet about this yet though.
<http://ftp.iinet.net.au/pub/iinet/firmware/HomeGateway/HuaweiHG658/>

If anyone has good information on how Android kernel updates are going to be rolled out, I’m very interested.

regards
steve

====================

This seems to be the ‘upstream’ for wpa_supplicant source code
<http://w1.fi/gitweb/gitweb.cgi?p=hostap.git;a=summary>

Ubuntu Security Notice USN-3455-1
<https://usn.ubuntu.com/usn/usn-3455-1/>
> Several security issues were fixed in wpa_supplicant.

DSA-3999-1 wpa -- security update
<https://www.debian.org/security/2017/dsa-3999>

Jessie
<https://packages.debian.org/source/jessie/wpa>
<https://packages.debian.org/jessie/wpasupplicant>
<https://packages.debian.org/jessie/hostapd>

Source code - can’t find the changelog :(
<https://anonscm.debian.org/viewvc/pkg-wpa/wpa/trunk/>

<https://anonscm.debian.org/viewvc/pkg-wpa/wpa/trunk/debian/changelog?view=log>
Revision 1976 - (view) (download) (annotate) - [select for diffs]
Modified Wed May 25 03:07:15 2016 UTC (16 months, 3 weeks ago) by slh-guest

From downloaded tarballs:
wpa_2.3-1+deb8u5.debian.tar.xz

ls -l debian/changelog
-rw-r--r--  1 steve  staff  107252 14 Oct 23:11 debian/changelog

> wpa (2.3-1+deb8u5) jessie-security; urgency=high
>
>  * Non-maintainer upload by the Security Team.
>  * Add patches to fix WPA protocol vulnerabilities (CVE-2017-13077,
>    CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081,
>    CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088):
>    - hostapd: Avoid key reinstallation in FT handshake
>    - Prevent reinstallation of an already in-use group key
>    - Extend protection of GTK/IGTK reinstallation of WNM-Sleep Mode cases
>    - Fix PTK rekeying to generate a new ANonce
>    - TDLS: Reject TPK-TK reconfiguration
>    - WNM: Ignore WNM-Sleep Mode Response if WNM-Sleep Mode has not been used
>    - WNM: Ignore WNM-Sleep Mode Response without pending request
>    - FT: Do not allow multiple Reassociation Response frames
>    - TDLS: Ignore incoming TDLS Setup Response retries
>
> -- Yves-Alexis Perez <[hidden email]>  Sat, 14 Oct 2017 14:11:26 +0200


--
Steve Jenkin, IT Systems and Design
0412 786 915 (+61 412 786 915)
PO Box 38, Kippax ACT 2615, AUSTRALIA

mailto:[hidden email] http://members.tip.net.au/~sjenkin




------------------------------

Message: 2
Date: Thu, 19 Oct 2017 15:05:18 +1100
From: Simon Oxwell <[hidden email]>
To: CLUG List <[hidden email]>
Subject: [clug] Fwd:  WPA2 4-way handshake client vulnerability
Message-ID:
    <CAHw+uByQd5Vty_szHH8mJEnj01S9-obj58wPeY5HO=[hidden email]>
Content-Type: text/plain; charset="UTF-8"

On 19 October 2017 at 12:49, steve jenkin via linux <[hidden email]>
wrote:

> [update at end]
>
> > On 17 Oct 2017, at 06:51, Chris Smart via linux <[hidden email]>
> wrote:
> >
> > https://www.krackattacks.com/
> >
>
> <SNIP>

>
> If anyone has good information on how Android kernel updates are going to
> be rolled out, I’m very interested.
>
>
I suspect it'll be the usual - AOSP will be updated with patches for the
kernel and wpa_supplicant  (wpa_supplicant seems to be where the real
trouble is, particularly for Linux and Android), and vendors will issue
patches for their hardware. ie, nothing much will happen unless you have a
recent flagship.


Simon


------------------------------

Message: 3
Date: Thu, 19 Oct 2017 18:55:33 +1100
From: Bryan Kilgallin <[hidden email]>
To: [hidden email]
Subject: Re: [clug] WPA2 4-way handshake client vulnerability
Message-ID: <[hidden email]>
Content-Type: text/plain; charset=utf-8; format=flowed

Thanks, Steve:

> Hadn’t checked before today, but iiNet has a firmware update dated 'Oct 18’ & another ‘Oct 19’.
> But the date on file downloaded is Aug 2015 and the release/version numbers are the same [HG658 V100 R001 C138 B020]

I just updated firmware for my BudiiLite ADSL router.
BudiiLite_nand_fs_image_128_1300.bin
That's dated this morning.
http://ftp.iinet.net.au/pub/iinet/firmware/BudiiLite/

In iiNet's Budii Lite login page--Firefox reports this about the modem
password field. "This connection is not secure. Logins entered here
could be compromised."
--
members.iinet.net.au/~kilgallin/



------------------------------

Message: 4
Date: Thu, 19 Oct 2017 22:38:44 +1100
From: Michael Ellerman <[hidden email]>
To: Simon Oxwell <[hidden email]>, CLUG List
    <[hidden email]>
Subject: Re: [clug] Fwd:  WPA2 4-way handshake client vulnerability
Message-ID: <[hidden email]>
Content-Type: text/plain; charset=utf-8

Simon Oxwell via linux <[hidden email]> writes:

> On 19 October 2017 at 12:49, steve jenkin via linux <[hidden email]>
> wrote:
>> [update at end]
>>
>> > On 17 Oct 2017, at 06:51, Chris Smart via linux <[hidden email]>
>> wrote:
>> >
>> > https://www.krackattacks.com/
>>
>> <SNIP>
>
>> If anyone has good information on how Android kernel updates are going to
>> be rolled out, I’m very interested.

> I suspect it'll be the usual - AOSP will be updated with patches for the
> kernel and wpa_supplicant  (wpa_supplicant seems to be where the real
> trouble is, particularly for Linux and Android)

As far as I've seen there is no fix for the kernel, it's all in
wpa_supplicant.

cheers



------------------------------

Subject: Digest Footer

_______________________________________________
linux mailing list
[hidden email]
https://lists.samba.org/mailman/listinfo/linux


------------------------------

End of linux Digest, Vol 178, Issue 10
**************************************
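
The Debian changelog entry quoted in Message 1 of the digest names the CVE ids that the jessie-security upload addresses. As an added example (not code from any poster, Debian or the hostap project), this Python script parses changelog text and reports which of those ids are named and in which version; the older `2.3-1+deb8u4` entry and the maintainer trailers in the sample are constructed.

```python
import re

# Header line of a Debian changelog entry: "package (version) dist; urgency=..."
HEADER = re.compile(r"^(?P<pkg>[a-z0-9][a-z0-9+.-]*) \((?P<ver>[^)]+)\) (?P<dist>[^;]+);")
CVE = re.compile(r"CVE-\d{4}-\d{4,}")

# CVE ids exactly as listed in the changelog entry quoted in the thread.
KRACK_CVES = ["CVE-2017-%d" % n for n in (13077, 13078, 13079, 13080, 13081,
                                          13082, 13086, 13087, 13088)]

# First entry: abridged from the thread. Second entry and both trailers: constructed.
SAMPLE = """\
wpa (2.3-1+deb8u5) jessie-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Add patches to fix WPA protocol vulnerabilities (CVE-2017-13077,
    CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081,
    CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088):
    - Prevent reinstallation of an already in-use group key

 -- Maintainer <maintainer@example.invalid>  Sat, 14 Oct 2017 14:11:26 +0200

wpa (2.3-1+deb8u4) jessie-security; urgency=medium

  * Constructed older entry with no CVE references.

 -- Maintainer <maintainer@example.invalid>  Sun, 01 Jan 2017 00:00:00 +0000
"""

def parse_entries(text):
    """Return changelog entries, newest first, each with the CVE ids it names."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            entries.append({"package": m["pkg"], "version": m["ver"], "cves": set()})
        elif entries and line.startswith(" "):   # body lines are indented
            entries[-1]["cves"].update(CVE.findall(line))
    return entries

def fixed_in(text, wanted):
    """Map each wanted CVE to the oldest version whose entry names it, or None."""
    result = dict.fromkeys(wanted)
    for entry in parse_entries(text):            # later entries are older
        for cve in entry["cves"] & set(wanted):
            result[cve] = entry["version"]
    return result

def missing(text, wanted):
    """CVE ids from `wanted` that no changelog entry mentions."""
    return sorted(c for c, v in fixed_in(text, wanted).items() if v is None)
```

On an installed Debian system the same text can be read from `/usr/share/doc/wpasupplicant/changelog.Debian.gz` and passed to `missing()`.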
 

Re: linux Digest, Vol 178, Issue 10

Samba - linux mailing list
On 20/10/17 17:32, Sharon Doig via linux wrote:
> Hi All, Has anyone heard how Suse is going to fix the Wifi Krack Vulnerability? I've been trying to find out since I run a HP with Leap and sometimes use wifi.

I think this page might be what you need:

    https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html

Brett
--

  /) _ _ _/_/ / / /  _ _//
 /_)/</= / / (_(_/()/< ///

