[clug] linux Digest, Vol 178, Issue 10
Sharon Doig
po_box_304 at yahoo.com.au
Fri Oct 20 06:32:40 UTC 2017
Hi All,
Has anyone heard how Suse is going to fix the Wifi Krack Vulnerability? I've been trying to find out since I run a HP with Leap and sometimes use wifi.
Anyone know when I can expect a patch to fix the problem? Or where to find it?
BTW, I found out via my IT department and confirmed it via ABC News: A new flaw in Wi-Fi affects everyone. Here's how to protect yourself
Thanks,
Sharon Doig
Sharon Doig in Canberra - Australia
E: po_box_304 at yahoo.com.au
Blog: http://www.rosiesstuffnsew.blogspot.com
********************************************
Make your mark and achieve success
or, if need be, die in the attempt.
Miriam Leslie
********************************************
On Thursday, 19 October 2017, 11:01:16 pm AEDT, linux-request at lists.samba.org <linux-request at lists.samba.org> wrote:
Send linux mailing list submissions to
linux at lists.samba.org
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.samba.org/mailman/listinfo/linux
or, via email, send a message with subject or body 'help' to
linux-request at lists.samba.org
You can reach the person managing the list at
linux-owner at lists.samba.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of linux digest..."
Today's Topics:
1. Re: WPA2 4-way handshake client vulnerability (steve jenkin)
2. Fwd: WPA2 4-way handshake client vulnerability (Simon Oxwell)
3. Re: WPA2 4-way handshake client vulnerability (Bryan Kilgallin)
4. Re: Fwd: WPA2 4-way handshake client vulnerability
(Michael Ellerman)
----------------------------------------------------------------------
Message: 1
Date: Thu, 19 Oct 2017 12:49:27 +1100
From: steve jenkin <sjenkin at canb.auug.org.au>
To: CLUG List <Linux at lists.samba.org>
Subject: Re: [clug] WPA2 4-way handshake client vulnerability
Message-ID: <C386CB58-CEE6-4746-83B6-F685561FFA0E at canb.auug.org.au>
Content-Type: text/plain; charset=utf-8
[update at end]
> On 17 Oct 2017, at 06:51, Chris Smart via linux <linux at lists.samba.org> wrote:
>
> https://www.krackattacks.com/
>
> "In a key reinstallation attack, the adversary tricks a victim into
> reinstalling an already-in-use key. This is achieved by manipulating and
> replaying cryptographic handshake messages. When the victim reinstalls
> the key, associated parameters such as the incremental transmit packet
> number (i.e. nonce) and receive packet number (i.e. replay counter) are
> reset to their initial value. Essentially, to guarantee security, a key
> should only be installed and used once. Unfortunately, we found this is
> not guaranteed by the WPA2 protocol. By manipulating cryptographic
> handshakes, we can abuse this weakness in practice....
>
> Linux's wpa_supplicant v2.6 is also vulnerable to the installation of an
> all-zero encryption key in the 4-way handshake. This was discovered by
> John A. Van Boxtel. As a result, all Android versions higher than 6.0
> are also affected by the attack, and hence can be tricked into
> installing an all-zero encryption key. The new attack works by injecting
> a forged message 1, with the same ANonce as used in the original message
> 1, before forwarding the retransmitted message 3 to the victim."
>
> —
Thanks to Chris for raising this on the list.
For those playing at home, Debian & Ubuntu released security patches a few days ago. I’d expect Fedora & RedHat would’ve done the same.
Looking at what I presume is the ‘upstream’ code, there might be another round of minor changes to come after some more testing.
My ZTE Android device hasn’t seen a ‘Play Store’ update, but maybe on Nov 6th - but would Google push kernel updates like this?
<https://www.androidcentral.com/krack>
Hadn’t checked before today, but iiNet has a firmware update dated 'Oct 18’ & another ‘Oct 19’.
But the date on file downloaded is Aug 2015 and the release/version numbers are the same [HG658 V100 R001 C138 B020]
No email from iiNet about this yet though.
<http://ftp.iinet.net.au/pub/iinet/firmware/HomeGateway/HuaweiHG658/>
If anyone has good information on how Android kernel updates are going to be rolled out, I’m very interested.
regards
steve
====================
This seems to be the ‘upstream’ for wpa_supplicant source code
<http://w1.fi/gitweb/gitweb.cgi?p=hostap.git;a=summary>
Ubuntu Security Notice USN-3455-1
<https://usn.ubuntu.com/usn/usn-3455-1/>
> Several security issues were fixed in wpa_supplicant.
DSA-3999-1 wpa -- security update
<https://www.debian.org/security/2017/dsa-3999>
Jessie
<https://packages.debian.org/source/jessie/wpa>
<https://packages.debian.org/jessie/wpasupplicant>
<https://packages.debian.org/jessie/hostapd>
Source code - can’t find the changelog :(
<https://anonscm.debian.org/viewvc/pkg-wpa/wpa/trunk/>
<https://anonscm.debian.org/viewvc/pkg-wpa/wpa/trunk/debian/changelog?view=log>
Revision 1976 - (view) (download) (annotate) - [select for diffs]
Modified Wed May 25 03:07:15 2016 UTC (16 months, 3 weeks ago) by slh-guest
From downloaded tarballs:
wpa_2.3-1+deb8u5.debian.tar.xz
ls -l debian/changelog
-rw-r--r-- 1 steve staff 107252 14 Oct 23:11 debian/changelog
> wpa (2.3-1+deb8u5) jessie-security; urgency=high
>
> * Non-maintainer upload by the Security Team.
> * Add patches to fix WPA protocol vulnerabilities (CVE-2017-13077,
> CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081,
> CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088):
> - hostapd: Avoid key reinstallation in FT handshake
> - Prevent reinstallation of an already in-use group key
> - Extend protection of GTK/IGTK reinstallation of WNM-Sleep Mode cases
> - Fix PTK rekeying to generate a new ANonce
> - TDLS: Reject TPK-TK reconfiguration
> - WNM: Ignore WNM-Sleep Mode Response if WNM-Sleep Mode has not been used
> - WNM: Ignore WNM-Sleep Mode Response without pending request
> - FT: Do not allow multiple Reassociation Response frames
> - TDLS: Ignore incoming TDLS Setup Response retries
>
> -- Yves-Alexis Perez <corsac at debian.org> Sat, 14 Oct 2017 14:11:26 +0200
--
Steve Jenkin, IT Systems and Design
0412 786 915 (+61 412 786 915)
PO Box 38, Kippax ACT 2615, AUSTRALIA
mailto:sjenkin at canb.auug.org.au http://members.tip.net.au/~sjenkin
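
The key reinstallation described in the quoted krackattacks.com text, and the "prevent reinstallation of an already in-use key" style of fix listed in the Debian changelog, shown as a toy model added here (not code from wpa_supplicant or from anyone on the list). `Supplicant`, `keystream` and `run` are hypothetical names, the key and frames are constructed, and the SHA-256 keystream is a stand-in for CCMP rather than the real cipher.

```python
import hashlib

def keystream(tk: bytes, pn: int, n: int) -> bytes:
    """Stand-in for CCMP: the keystream depends only on (key, packet number)."""
    out, ctr = b"", 0
    while len(out) < n:
        block = tk + pn.to_bytes(6, "big") + ctr.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        ctr += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Supplicant:
    """Toy client side of the 4-way handshake; only key installation is modelled."""
    def __init__(self, patched: bool):
        self.patched = patched
        self.tk = None      # installed temporal key
        self.tx_pn = 0      # transmit packet number (the nonce)

    def on_message3(self, tk: bytes) -> bool:
        """Handle message 3, which may be a retransmission. True if a key was installed."""
        if self.patched and self.tk == tk:
            return False    # key already in use: keep the counter, do not reinstall
        self.tk = tk
        self.tx_pn = 0      # installing a key resets the packet number
        return True

    def send(self, plaintext: bytes):
        self.tx_pn += 1
        return self.tx_pn, xor(plaintext, keystream(self.tk, self.tx_pn, len(plaintext)))

def run(patched: bool):
    """Send two frames with a replayed message 3 in between.
    Returns (pn1, pn2, whether c1^c2 equals p1^p2, i.e. the keystream was reused)."""
    tk = bytes(range(16))                       # constructed sample key
    p1, p2 = b"frame one payload", b"frame two payload"
    s = Supplicant(patched)
    s.on_message3(tk)                           # original message 3
    pn1, c1 = s.send(p1)
    s.on_message3(tk)                           # retransmitted message 3
    pn2, c2 = s.send(p2)
    return pn1, pn2, xor(c1, c2) == xor(p1, p2)

if __name__ == "__main__":
    print("unpatched:", run(False))
    print("patched:  ", run(True))
```

In the unpatched run both frames go out under packet number 1, so the two ciphertexts XOR to the XOR of the plaintexts; in the patched run the counter keeps advancing and that relation no longer holds.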
------------------------------
Message: 2
Date: Thu, 19 Oct 2017 15:05:18 +1100
From: Simon Oxwell <soxwell at gmail.com>
To: CLUG List <linux at lists.samba.org>
Subject: [clug] Fwd: WPA2 4-way handshake client vulnerability
Message-ID:
<CAHw+uByQd5Vty_szHH8mJEnj01S9-obj58wPeY5HO=qO68KLTg at mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
On 19 October 2017 at 12:49, steve jenkin via linux <linux at lists.samba.org>
wrote:
> [update at end]
>
> > On 17 Oct 2017, at 06:51, Chris Smart via linux <linux at lists.samba.org>
> wrote:
> >
> > https://www.krackattacks.com/
> >
>
> <SNIP>
>
> If anyone has good information on how Android kernel updates are going to
> be rolled out, I’m very interested.
>
>
I suspect it'll be the usual - AOSP will be updated with patches for the
kernel and wpa_supplicant (wpa_supplicant seems to be where the real
trouble is, particularly for Linux and Android), and vendors will issue
patches for their hardware. ie, nothing much will happen unless you have a
recent flagship.
Simon
------------------------------
Message: 3
Date: Thu, 19 Oct 2017 18:55:33 +1100
From: Bryan Kilgallin <kilgallin at iinet.net.au>
To: linux at lists.samba.org
Subject: Re: [clug] WPA2 4-way handshake client vulnerability
Message-ID: <a9002fe7-0e5f-e333-7a93-7bbd9c2766ce at iinet.net.au>
Content-Type: text/plain; charset=utf-8; format=flowed
Thanks, Steve:
> Hadn’t checked before today, but iiNet has a firmware update dated 'Oct 18’ & another ‘Oct 19’.
> But the date on file downloaded is Aug 2015 and the release/version numbers are the same [HG658 V100 R001 C138 B020]
I just updated firmware for my BudiiLite ADSL router.
BudiiLite_nand_fs_image_128_1300.bin
That's dated this morning.
http://ftp.iinet.net.au/pub/iinet/firmware/BudiiLite/
In iiNet's Budii Lite login page--Firefox reports this about the modem
password field. "This connection is not secure. Logins entered here
could be compromised."
--
members.iinet.net.au/~kilgallin/
------------------------------
Message: 4
Date: Thu, 19 Oct 2017 22:38:44 +1100
From: Michael Ellerman <michael at ellerman.id.au>
To: Simon Oxwell <soxwell at gmail.com>, CLUG List
<linux at lists.samba.org>
Subject: Re: [clug] Fwd: WPA2 4-way handshake client vulnerability
Message-ID: <87o9p34baz.fsf at concordia.ellerman.id.au>
Content-Type: text/plain; charset=utf-8
Simon Oxwell via linux <linux at lists.samba.org> writes:
> On 19 October 2017 at 12:49, steve jenkin via linux <linux at lists.samba.org>
> wrote:
>> [update at end]
>>
>> > On 17 Oct 2017, at 06:51, Chris Smart via linux <linux at lists.samba.org>
>> wrote:
>> >
>> > https://www.krackattacks.com/
>>
>> <SNIP>
>
>> If anyone has good information on how Android kernel updates are going to
>> be rolled out, I’m very interested.
> I suspect it'll be the usual - AOSP will be updated with patches for the
> kernel and wpa_supplicant (wpa_supplicant seems to be where the real
> trouble is, particularly for Linux and Android)
As far as I've seen there is no fix for the kernel, it's all in
wpa_supplicant.
cheers
------------------------------
End of linux Digest, Vol 178, Issue 10
**************************************