[FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-17:07.wpa

Franco Fichtner franco at lastsummer.de
Tue Oct 17 19:44:38 UTC 2017 

Hi,

The entry in UPDATING on releng/11.1 annotates "p13" but should say "p2".


Cheers,
Franco

> On 17. Oct 2017, at 8:22 PM, FreeBSD Security Advisories <security-advisories at freebsd.org> wrote:
> 
> Signed PGP part
> =============================================================================
> FreeBSD-SA-17:07.wpa                                        Security Advisory
>                                                           The FreeBSD Project
> 
> Topic:          WPA2 protocol vulnerability
> 
> Category:       contrib
> Module:         wpa
> Announced:      2017-10-16
> Credits:        Mathy Vanhoef
> Affects:        All supported versions of FreeBSD.
> Corrected:      2017-10-17 17:30:18 UTC (stable/11, 11.1-STABLE)
>                 2017-10-17 17:57:18 UTC (releng/11.1, 11.1-RELEASE-p2)
>                 2017-10-17 17:56:03 UTC (releng/11.0, 11.0-RELEASE-p13)
> CVE Name:       CVE-2017-13077, CVE-2017-13078, CVE-2017-13079,
>                 CVE-2017-13080, CVE-2017-13081, CVE-2017-13082,
>                 CVE-2017-13086, CVE-2017-13087, CVE-2017-13088
> 
> For general information regarding FreeBSD Security Advisories,
> including descriptions of the fields above, security branches, and the
> following sections, please visit <URL:https://security.FreeBSD.org/>.
> 
> I.   Background
> 
> Wi-Fi Protected Access II (WPA2) is a security protocol developed by the
> Wi-Fi Alliance to secure wireless computer networks.
> 
> hostapd and wpa_supplicant are implementations of user space daemon for
> access points and wireless client that implements the WPA2 protocol.
> 
> II.  Problem Description
> 
> A vulnerability was found in how a number of implementations can be
> triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by
> replaying a specific frame that is used to manage the keys.
> 
> III. Impact
> 
> Such reinstallation of the encryption key can result in two different
> types of vulnerabilities: disabling replay protection and significantly
> reducing the security of encryption to the point of allowing frames to
> be decrypted or some parts of the keys to be determined by an attacker
> depending on which cipher is used.
> 
> IV.  Workaround
> 
> An updated version of wpa_supplicant is available in the FreeBSD Ports
> Collection. Install version 2.6_2 or later of the
> security/wpa_supplicant port/pkg. Once installed, update /etc/rc.conf
> to use the new binary:
> 
> wpa_supplicant_program="/usr/local/sbin/wpa_supplicant"
> 
> and restart networking.
> 
> An updated version of hostapd is available in the FreeBSD Ports
> Collection. Install version 2.6_1 or later of the net/hostapd port/pkg.
> Once installed, update /etc/rc.conf to use the new binary:
> 
> hostapd_program="/usr/local/sbin/hostapd"
> 
> and restart hostapd.
> 
> V.   Solution
> 
> Patches are currently available for stable/11, releng/11.0, and
> releng/11.1. Patches for stable/10, releng/10.3, and releng/10.4 are
> still being evaluated.
> 
> Perform one of the following:
> 
> 1) Upgrade your vulnerable system to a supported FreeBSD stable or
> release / security branch (releng) dated after the correction date.
> 
> Restart the Wi-Fi network interfaces/hostapd or reboot the system.
> 
> 2) To update your vulnerable system via a binary patch:
> 
> Systems running a RELEASE version of FreeBSD on the i386 or amd64
> platforms can be updated via the freebsd-update(8) utility:
> 
> # freebsd-update fetch
> # freebsd-update install
> 
> Restart the Wi-Fi network interfaces/hostapd or reboot the system.
> 
> 3) To update your vulnerable system via a source code patch:
> 
> The following patches have been verified to apply to the applicable
> FreeBSD release branches.
> 
> a) Download the relevant patch from the location below, and verify the
> detached PGP signature using your PGP utility.
> 
> [FreeBSD 11.0-RELEASE, 11.1-RELEASE, and 11-STABLE]
> # fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-11.patch
> # fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-11.patch.asc
> # gpg --verify wpa-11.patch.asc
> 
> b) Apply the patch.  Execute the following commands as root:
> 
> # cd /usr/src
> # patch < /path/to/patch
> 
> c) Recompile the operating system using buildworld and installworld as
> described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
> 
> Restart the applicable daemons, or reboot the system.
> 
> VI.  Correction details
> 
> The following list contains the correction revision numbers for each
> affected branch.
> 
> Branch/path                                                      Revision
> -------------------------------------------------------------------------
> stable/11/                                                        r324697
> releng/11.0/                                                      r324698
> releng/11.1/                                                      r324699
> -------------------------------------------------------------------------
> 
> To see which files were modified by a particular revision, run the
> following command, replacing NNNNNN with the revision number, on a
> machine with Subversion installed:
> 
> # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
> 
> Or visit the following URL, replacing NNNNNN with the revision number:
> 
> <URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
> 
> VII. References
> 
> <URL:https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt>
> <URL:https://www.krackattacks.com/>
> 
> The latest revision of this advisory is available at
> <URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc>
> 
> _______________________________________________
> freebsd-announce at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-announce
> To unsubscribe, send any mail to "freebsd-announce-unsubscribe at freebsd.org"

More information about the freebsd-security mailing list