[clug] linux Digest, Vol 178, Issue 10

Fri Oct 20 06:32:40 UTC 2017

HI All,Has anyone heard how Suse is going to fix the Wifi Krack Vulnerability? I've been trying to find out since I run a HP with Leap and some times use wifi.
Anyone know when I can expect a patch to fix the problem? Or where to find it?
BTW, I found out via my IT department and confirmed it via ABC News: A new flaw in Wi-Fi affects everyone. Here's how to protect yourself

| 
| 
| 
|  |  |

 |

 |
| 
|  | 
A new flaw in Wi-Fi affects everyone. Here's how to protect yourself

A Belgian researcher has turned the tech world upside down by discovering a flaw in Wi-Fi that allows anyone to ...
 |

 |

 |

Thanks,
Sharon Doig

Sharon Doig in Canberra - Australia
E: po_box_304 at yahoo.com.au

Blog:  http://www.rosiesstuffnsew.blogspot.com
********************************************
Make your mark and achieve success
or, if need be, die in the attempt.
Miriam Leslie
********************************************

    On Thursday, 19 October 2017, 11:01:16 pm AEDT, linux-request at lists.samba.org <linux-request at lists.samba.org> wrote:  

 Send linux mailing list submissions to
    linux at lists.samba.org

To subscribe or unsubscribe via the World Wide Web, visit
    https://lists.samba.org/mailman/listinfo/linux
or, via email, send a message with subject or body 'help' to
    linux-request at lists.samba.org

You can reach the person managing the list at
    linux-owner at lists.samba.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of linux digest..."

Today's Topics:

  1. Re: WPA2 4-way handshake client vulnerability (steve jenkin)
  2. Fwd:  WPA2 4-way handshake client vulnerability (Simon Oxwell)
  3. Re: WPA2 4-way handshake client vulnerability (Bryan Kilgallin)
  4. Re: Fwd:  WPA2 4-way handshake client vulnerability
      (Michael Ellerman)

----------------------------------------------------------------------

Message: 1
Date: Thu, 19 Oct 2017 12:49:27 +1100
From: steve jenkin <sjenkin at canb.auug.org.au>
To: CLUG List <Linux at lists.samba.org>
Subject: Re: [clug] WPA2 4-way handshake client vulnerability
Message-ID: <C386CB58-CEE6-4746-83B6-F685561FFA0E at canb.auug.org.au>
Content-Type: text/plain; charset=utf-8

[update at end]

> On 17 Oct 2017, at 06:51, Chris Smart via linux <linux at lists.samba.org> wrote:
> 
> https://www.krackattacks.com/
> 
> "In a key reinstallation attack, the adversary tricks a victim into
> reinstalling an already-in-use key. This is achieved by manipulating and
> replaying cryptographic handshake messages. When the victim reinstalls
> the key, associated parameters such as the incremental transmit packet
> number (i.e. nonce) and receive packet number (i.e. replay counter) are
> reset to their initial value. Essentially, to guarantee security, a key
> should only be installed and used once. Unfortunately, we found this is
> not guaranteed by the WPA2 protocol. By manipulating cryptographic
> handshakes, we can abuse this weakness in practice....
> 
> Linux's wpa_supplicant v2.6 is also vulnerable to the installation of an
> all-zero encryption key in the 4-way handshake. This was discovered by
> John A. Van Boxtel. As a result, all Android versions higher than 6.0
> are also affected by the attack, and hence can be tricked into
> installing an all-zero encryption key. The new attack works by injecting
> a forged message 1, with the same ANonce as used in the original message
> 1, before forwarding the retransmitted message 3 to the victim."
> 
> — 

Thanks to Chris for raising this on the list.

For those playing at home, Debian & Ubuntu released security patches a few days ago. I’d expect Fedora &RedHat would’ve done the same.
Looking at what I presume is the ‘upstream’ code, there might be another round of minor changes to come after some more testing.

My ZTE Android device hasn’t seen a ‘Play Store’ update, but maybe on Nov 6th - but would Google push kernel updates like this?
<https://www.androidcentral.com/krack>

Hadn’t checked before today, but iiNet has a firmware update dated 'Oct 18’ & another ‘Oct 19’.
But the date on file downloaded is Aug 2015 and the the release/version numbers are the same [HG658 V100 R001 C138 B020]
No email from iiNet about this yet though.
<http://ftp.iinet.net.au/pub/iinet/firmware/HomeGateway/HuaweiHG658/>

If anyone has good information on how Android kernel updates are going to be rolled out, I’m very interested.

regards
steve

====================

This Seems to be the ‘upstream’ for wpa_suplicant source code
<http://w1.fi/gitweb/gitweb.cgi?p=hostap.git;a=summary>

Ubuntu Security Notice USN-3455-1
<https://usn.ubuntu.com/usn/usn-3455-1/>
> Several security issues were fixed in wpa_supplicant.

DSA-3999-1 wpa -- security update
<https://www.debian.org/security/2017/dsa-3999>

Jessie
<https://packages.debian.org/source/jessie/wpa>
<https://packages.debian.org/jessie/wpasupplicant>
<https://packages.debian.org/jessie/hostapd>

Source code - can’t find the changelog :(
<https://anonscm.debian.org/viewvc/pkg-wpa/wpa/trunk/>

<https://anonscm.debian.org/viewvc/pkg-wpa/wpa/trunk/debian/changelog?view=log>
Revision 1976 - (view) (download) (annotate) - [select for diffs] 
Modified Wed May 25 03:07:15 2016 UTC (16 months, 3 weeks ago) by slh-guest 

>From downloaded tarballs:
wpa_2.3-1+deb8u5.debian.tar.xz

ls -l debian/changelog
-rw-r--r--  1 steve  staff  107252 14 Oct 23:11 debian/changelog

> wpa (2.3-1+deb8u5) jessie-security; urgency=high
> 
>  * Non-maintainer upload by the Security Team.
>  * Add patches to fix WPA protocol vulnerabilities (CVE-2017-13077,
>    CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081,
>    CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088):
>    - hostapd: Avoid key reinstallation in FT handshake
>    - Prevent reinstallation of an already in-use group key
>    - Extend protection of GTK/IGTK reinstallation of WNM-Sleep Mode cases
>    - Fix PTK rekeying to generate a new ANonce
>    - TDLS: Reject TPK-TK reconfiguration
>    - WNM: Ignore WNM-Sleep Mode Response if WNM-Sleep Mode has not been used
>    - WNM: Ignore WNM-Sleep Mode Response without pending request
>    - FT: Do not allow multiple Reassociation Response frames
>    - TDLS: Ignore incoming TDLS Setup Response retries
> 
> -- Yves-Alexis Perez <corsac at debian.org>  Sat, 14 Oct 2017 14:11:26 +0200

--
Steve Jenkin, IT Systems and Design 
0412 786 915 (+61 412 786 915)
PO Box 38, Kippax ACT 2615, AUSTRALIA

mailto:sjenkin at canb.auug.org.au http://members.tip.net.au/~sjenkin

------------------------------

Message: 2
Date: Thu, 19 Oct 2017 15:05:18 +1100
From: Simon Oxwell <soxwell at gmail.com>
To: CLUG List <linux at lists.samba.org>
Subject: [clug] Fwd:  WPA2 4-way handshake client vulnerability
Message-ID:
    <CAHw+uByQd5Vty_szHH8mJEnj01S9-obj58wPeY5HO=qO68KLTg at mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"

On 19 October 2017 at 12:49, steve jenkin via linux <linux at lists.samba.org>
wrote:

> [update at end]
>
> > On 17 Oct 2017, at 06:51, Chris Smart via linux <linux at lists.samba.org>
> wrote:
> >
> > https://www.krackattacks.com/
> >
>
> <SNIP>

>
> If anyone has good information on how Android kernel updates are going to
> be rolled out, I’m very interested.
>
>
> I suspect it'll be the usual - AOSP willl be updated with patches for the
kernel and wpa_supplicant  (wpa_supplicant seems to be where the real
trouble is, particularly for Linux and Android), and vendors will issue
patches for their hardware. ie, nothing much will happen unless you have a
recent flagship.

Simon

------------------------------

Message: 3
Date: Thu, 19 Oct 2017 18:55:33 +1100
From: Bryan Kilgallin <kilgallin at iinet.net.au>
To: linux at lists.samba.org
Subject: Re: [clug] WPA2 4-way handshake client vulnerability
Message-ID: <a9002fe7-0e5f-e333-7a93-7bbd9c2766ce at iinet.net.au>
Content-Type: text/plain; charset=utf-8; format=flowed

Thanks, Steve:

> Hadn’t checked before today, but iiNet has a firmware update dated 'Oct 18’ & another ‘Oct 19’.
> But the date on file downloaded is Aug 2015 and the the release/version numbers are the same [HG658 V100 R001 C138 B020]

I just updated firmware for my BudiiLite ADSL router.
BudiiLite_nand_fs_image_128_1300.bin
That's dated this morning.
http://ftp.iinet.net.au/pub/iinet/firmware/BudiiLite/

In iiNet's Budii Lite login page--Firefox reports this about the modem 
password field. "This connection is not secure. Logins entered here 
could be compromised."
-- 
members.iinet.net.au/~kilgallin/

------------------------------

Message: 4
Date: Thu, 19 Oct 2017 22:38:44 +1100
From: Michael Ellerman <michael at ellerman.id.au>
To: Simon Oxwell <soxwell at gmail.com>, CLUG List
    <linux at lists.samba.org>
Subject: Re: [clug] Fwd:  WPA2 4-way handshake client vulnerability
Message-ID: <87o9p34baz.fsf at concordia.ellerman.id.au>
Content-Type: text/plain; charset=utf-8

Simon Oxwell via linux <linux at lists.samba.org> writes:
> On 19 October 2017 at 12:49, steve jenkin via linux <linux at lists.samba.org>
> wrote:
>> [update at end]
>>
>> > On 17 Oct 2017, at 06:51, Chris Smart via linux <linux at lists.samba.org>
>> wrote:
>> >
>> > https://www.krackattacks.com/
>>
>> <SNIP>
>
>> If anyone has good information on how Android kernel updates are going to
>> be rolled out, I’m very interested.

> I suspect it'll be the usual - AOSP willl be updated with patches for the
> kernel and wpa_supplicant  (wpa_supplicant seems to be where the real
> trouble is, particularly for Linux and Android)

As far as I've seen there is no fix for the kernel, it's all in
wpa_supplicant.

cheers

------------------------------

Subject: Digest Footer

_______________________________________________
linux mailing list
linux at lists.samba.org
https://lists.samba.org/mailman/listinfo/linux

------------------------------

End of linux Digest, Vol 178, Issue 10
**************************************