
Thread: WPA2 situation

  1. #1

    Default WPA2 situation

    Does anyone know when there is going to be a security update for the recent WPA2 problem?

  2. #2
    Join Date
    May 2012
    Location
    Finland
    Posts
    2,226

    Default Re: WPA2 situation

    It's already available in 42.2-test and 42.3-test, SLE12 received patches already.

    My guess; today.
    .: miuku @ #opensuse @ irc.libera.chat

  3. #3

    Default Re: WPA2 situation

    Quote Originally Posted by Miuku View Post
    It's already available in 42.2-test and 42.3-test, SLE12 received patches already.

    My guess; today.
    I should really update machine from 42.1 to 42.2 but got no backup..

  4. #4
    Join Date
    May 2012
    Location
    Finland
    Posts
    2,226

    Default Re: WPA2 situation

    Well luckily you have us; I rebuilt the 42.2 patched version of wpa_supplicant for 42.1 here:
    Code:
    https://download.opensuse.org/repositories/home:/Miuku:/discontinued/openSUSE_Leap_42.1/
    As usual the "Use at your own risk, I don't have 42.1 but it should work just fine. You'll have to vendor change there and please upgrade your boxes whenever possible" -clause applies
    .: miuku @ #opensuse @ irc.libera.chat

  5. #5
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    13,295
    Blog Entries
    2

    Default Re: WPA2 situation

    Can this really be patched client-side only?

    I haven't been able to view an in-depth technical demo,
    But, from the descriptions I've read, it seemed very much like a cousin to the Diffie Hellman key exchange flaw discovered and patched last year (that's a 3-step handshake, Wifi is a 4-step handshake and the flaw is purportedly in the third step).

    Or, maybe the key randomization has changed?
    Are there then both a "better than none" patch for clients and only when both AP and client are patched would the problem be fully addressed?

    Skimming a published list of patches for different vendors, I see patches for both servers and clients...

    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

  6. #6
    Join Date
    May 2012
    Location
    Finland
    Posts
    2,226

    Default Re: WPA2 situation

    It's actually possible to "fix" the issue with a client side patch since the attack is aimed at it. You also have to patch any repeaters you have and possibly bridging devices.

    Here's a link to the way they fixed it in wpa_supplicant (and hostapd) and ways to mitigate the issue; http://w1.fi/security/2017-1/wpa-pac...d-messages.txt
    .: miuku @ #opensuse @ irc.libera.chat

  7. #7
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    13,295
    Blog Entries
    2

    Default Re: WPA2 situation

    Thx for the link...


    Based on your reference and all IMO (Anyone can therefore laugh or insult any of my opinions as you like)...


    As I theorized, there are largely two overall types of vulnerabilities based on the AP or the client(station) side and patching one side does not address the vulnerabilities of the other...


    The AP side of course likely applies to practically every AP in existence... I can't think of a single WiFi AP that isn't likely based on some version of Linux/Unix... And it's also further likely to be based on Busybox. For more about issues about Busybox and IoT, see a slide deck from my presentation last year (and re-presented several times since)


    http://bit.ly/2iarkvY


    The main vulnerability related to APs seems to be packet replay, which is time-sensitive. The contents of the session remain encrypted and not likely crackable by the attacker before the session expires, but might not need to be cracked and could be exploitable by a MITM or similar attack, thereby taking over the connection.


    Other AP theoretical vulnerabilities are described with little practical likelihood to be exploited.


    From the description,
    Although I've read how MS Windows clients might not be vulnerable (although MS has already released patches) my guess is that Windows station sessions would be affected even if Windows machines themselves are not hacked.


    The client (station) vulnerabilities are more serious,
    Several vulnerabilities and scenarios are described which disable packet authentication by resetting the client-side packet enumeration which is generally the primary way for TCP/IP session packets to be authenticated. This can possibly result in the attacker "resetting" the network connection and taking it over. For the moment, I can't think of a way an attacker might eavesdrop on a connection instead. If the original User has an open session to a remote Internet site, depending on the network connection's authentication and authorization I suppose some types of connections might be compromised, and the attacker might have immediate access.


    IMO possible mitigation is that these attacks require capturing a very few specific packets issued when a handshake is done and must be cracked before the original User's session has disconnected. So, networks where Users disconnect frequently and sessions are relatively short (particularly APs that issue rotating keys every few minutes) are less vulnerable whereas the converse would likely be true, if you have a large number of permanent Hosts which generate little traffic and rarely disconnect (sessions are longer) could be very vulnerable.


    In both of the above types of vulnerabilities, the attacker would at the least potentially have some degree and possibly full access to LAN resources.

    Of course,
    Everything described here might be exploited only by an attacker with physical access to the WiFi signal, nothing described here is exploitable further away or over a non-wireless connection.


    TSU

  8. #8
    Join Date
    May 2012
    Location
    Finland
    Posts
    2,226

    Default Re: WPA2 situation

    Windows was vulnerable too, they just patched it last week so they weren't "counted as vulnerable anymore". OpenBSD patched in July though so.. they're the Official Patch King.
    .: miuku @ #opensuse @ irc.libera.chat

  9. #9
    Join Date
    Jun 2017
    Location
    Australia
    Posts
    582

    Default Re: WPA2 situation

    Quote Originally Posted by Miuku View Post
    It's already available in 42.2-test and 42.3-test, SLE12 received patches already.

    My guess; today.
    Hello - is it reasonable for me to assume that Tumbleweed also is now patched pls?

  10. #10
    Join Date
    Jun 2008
    Location
    East of Podunk
    Posts
    33,257
    Blog Entries
    15

    Default Re: WPA2 situation

    Quote Originally Posted by GooeyGirl View Post
    Hello - is it reasonable for me to assume that Tumbleweed also is now patched pls?
    Hi
    Nope, Check the changelog?

    Code:
    cat /etc/os-release |grep VERSION_ID
    
    VERSION_ID="20171017"
    
     rpm -q --changelog wpa_supplicant | head -n 5
    * Mon Oct 16 2017 meissner@suse.com
    - Fix KRACK attacks (bsc#1056061, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13087, CVE-2017-13088):
      - rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
      - rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
      - rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
    Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
    SUSE SLE, openSUSE Leap/Tumbleweed (x86_64) | GNOME DE
    If you find this post helpful and are logged into the web interface,
    please show your appreciation and click on the star below... Thanks!
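
The changelog check from post #10, turned into a repeatable audit. This is an added example, not part of the original thread: it reports which of the KRACK CVE ids quoted in that changelog entry a package changelog fails to mention. The function names, the script name and the second sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a wpa_supplicant RPM changelog for the KRACK CVE ids.
# The id list is taken from the changelog entry quoted in the post above.
KRACK_CVES="CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13087 CVE-2017-13088"

# missing_cves: read changelog text on stdin and print, space separated,
# every id from KRACK_CVES that the text does not mention.
missing_cves() {
    changelog=$(cat)
    missing=""
    for cve in $KRACK_CVES; do
        printf '%s\n' "$changelog" | grep -qF -- "$cve" || missing="$missing $cve"
    done
    printf '%s' "${missing# }"
}

# krack_report: same input; prints a verdict and returns 0 only when
# every id is listed.
krack_report() {
    gaps=$(missing_cves)
    if [ -z "$gaps" ]; then
        echo "changelog lists all KRACK CVE ids"
        return 0
    fi
    echo "changelog does not mention: $gaps"
    return 1
}

# Sample 1: the changelog header lines quoted in the post.
SAMPLE_PATCHED='* Mon Oct 16 2017 meissner@suse.com
- Fix KRACK attacks (bsc#1056061, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13087, CVE-2017-13088):'

# Sample 2: constructed for this example (not real package data); it names
# only four of the six ids.
SAMPLE_PARTIAL='* (constructed entry)
- Fix CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081'

# Live check against the installed package, only when asked for:
#   sh krack_check.sh --live
if [ "${1:-}" = "--live" ]; then
    rpm -q --changelog wpa_supplicant | krack_report
fi
```

A matching changelog only describes the installed package; wpa_supplicant has to be restarted (or the machine rebooted) before the running process is the patched one.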
