Arch Linux Security Advisory ASA-201710-22
==========================================

Severity: High
Date    : 2017-10-16
CVE-ID  : CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080
          CVE-2017-13081 CVE-2017-13082 CVE-2017-13087 CVE-2017-13088
Package : wpa_supplicant
Type    : man-in-the-middle
Remote  : Yes
Link    : https://security.archlinux.org/AVG-447

Summary
=======

The package wpa_supplicant before version 1:2.6-11 is vulnerable to
man-in-the-middle.

Resolution
==========

Upgrade to 1:2.6-11.

# pacman -Syu "wpa_supplicant>=1:2.6-11"

The problems have been fixed upstream but no release is available yet.

Workaround
==========

None.

Description
===========

- CVE-2017-13077 (man-in-the-middle)

A vulnerability has been discovered that allows reinstallation of the
pairwise encryption key (PTK-TK) in the 4-way handshake.

- CVE-2017-13078 (man-in-the-middle)

A vulnerability has been discovered that allows reinstallation of the
group key (GTK) in the 4-way handshake.

- CVE-2017-13079 (man-in-the-middle)

A vulnerability has been discovered that allows reinstallation of the
integrity group key (IGTK) in the 4-way handshake.

- CVE-2017-13080 (man-in-the-middle)

A vulnerability has been discovered that allows reinstallation of the
group key (GTK) in the group key handshake.

- CVE-2017-13081 (man-in-the-middle)

A vulnerability has been discovered that allows reinstallation of the
integrity group key (IGTK) in the group key handshake.

- CVE-2017-13082 (man-in-the-middle)

A vulnerability has been discovered that allows accepting a
retransmitted FT Reassociation Request and reinstalling the pairwise
key (PTK) while processing it.

- CVE-2017-13087 (man-in-the-middle)

A vulnerability has been discovered that allows reinstallation of the
group key (GTK) when processing a Wireless Network Management (WNM)
Sleep Mode Response frame.

- CVE-2017-13088 (man-in-the-middle)

A vulnerability has been discovered that allows reinstallation of the
integrity group key (IGTK) when processing a Wireless Network
Management (WNM) Sleep Mode Response frame.

Impact
======

A remote attacker within physical proximity to the target WiFi network
is able to decrypt all data that the victim transmits, inject arbitrary
packets to hijack TCP connection or replay unicast and group-addressed
frames.

References
==========

https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
https://papers.mathyvanhoef.com/ccs2017.pdf
https://www.kb.cert.org/vuls/id/228519
https://www.krackattacks.com/
https://w1.fi/cgit/hostap/commit/?id=53bb18cc8b7a4da72e47e4b3752d0d2135cffb23
https://w1.fi/cgit/hostap/commit/?id=0adc9b28b39d414d5febfff752f6a1576f785c85
https://w1.fi/cgit/hostap/commit/?id=cb5132bb35698cc0c743e34fe0e845dfc4c3e410
https://w1.fi/cgit/hostap/commit/?id=0e3bd7ac684a2289aa613347e2f3ad54ad6a9449
https://w1.fi/cgit/hostap/commit/?id=e760851176c77ae6de19821bb1d5bf3ae2cb5187
https://w1.fi/cgit/hostap/commit/?id=2a9c5217b18be9462a5329626e2f95cc7dd8d4f1
https://w1.fi/cgit/hostap/commit/?id=87e2db16bafcbc60b8d0016175814a73c1e8ed45
https://security.archlinux.org/CVE-2017-13077
https://security.archlinux.org/CVE-2017-13078
https://security.archlinux.org/CVE-2017-13079
https://security.archlinux.org/CVE-2017-13080
https://security.archlinux.org/CVE-2017-13081
https://security.archlinux.org/CVE-2017-13082
https://security.archlinux.org/CVE-2017-13087
https://security.archlinux.org/CVE-2017-13088