ID

VAR-201904-1552

CVE

CVE-2019-9494

TITLE

WPA3 design issues and implementation vulnerabilities in hostapd and wpa_supplicant

DESCRIPTION

The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected. WPA3 Protocol and hostapd When wpa_supplicant There are multiple vulnerabilities in the implementation of, and a remote attacker can obtain weak password information and privileges, as well as disrupt service operations. (DoS) An attack may be carried out. These vulnerabilities "Dragonblood" It is called. CERT/CC Then continue WPA3 The protocol is being verified. Discovered this time WPA3 Vulnerabilities related to the implementation of can be attributed to the protocol specification itself. WPA3 Is a key exchange protocol, Simultaneous Authentication of Equals (SAE) Is adopted. this is "Dragonfly Key Exchange" It is also called WPA2 In Pre-Shared Key (PSK) Acts as a protocol replacement. hostapd Is WPA3 Access point and authentication server daemon is. Also, wpa_supplicant Is WPA authenticator ( access point ) Implemented key exchange with supplicant ( client ) And WPA3 Is supported. SAE confirm Message validation is not performed during processing (CWE-642) - CVE-2019-9496 hostapd Process hostapd/AP When operating in mode SAE confirm Incomplete verification of message processing due to incorrect authentication sequence hostapd The process may end. EAP-PWD Reflection attack (EAP-pwd-Commit Incorrect message validation ) (CWE-301) - CVE-2019-9497 hostapd (EAP Server) And wpa_supplicant (EAP Peer) In EAP-PWD In implementation, EAP-pwd-Commit Message scalar and element values are not validated. EAP-PWD Server In EAP-pwd-Commit Incorrect message validation (CWE-346) - CVE-2019-9498 hostapd (EAP Server) In EAP-PWD In the implementation, the cryptographic library used for the build is EAP-pwd-Commit Message element value (EC point) If you do not implement the verification process for EAP-pwd-Commit Message scalar and element values are not validated. EAP-PWD Peer In EAP-pwd-Commit Incorrect message validation (CWE-346) - CVE-2019-9499 wpa_supplicant (EAP Peer) In EAP-PWD In the implementation, the cryptographic library used for the build is EAP-pwd-Commit Message element value (EC point) If you do not implement the verification process for EAP-pwd-Commit Message scalar and element values are not validated.* A side-channel attack captures information that can be used to recover passwords - CVE-2019-9494 * A weak password is obtained by a dictionary attack - CVE-2019-9495 This attack requires the authority to install and execute applications. Memory access pattern analysis is possible by observing the shared cache. hostapd/wpa_supplicant 2.7 And later versions CVE-2019-9494 Is not affected by the timing attack *hostapd Process can be terminated ( Service operation interruption ) - CVE-2019-9496 *EAP-PWD Authentication is bypassed - CVE-2019-9497 Crypto library EC point If a verification process is implemented for an attacker, an attacker cannot acquire or exchange a session key * Illegal scalar / Session key is obtained using message with element value and authentication is bypassed - CVE-2019-9498, CVE-2019-9499. WPA3 is prone to a security weakness. Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. There is an information disclosure vulnerability in WPA3, which originates from configuration errors in the network system or product during operation. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-19:03.wpa Security Advisory The FreeBSD Project Topic: Multiple vulnerabilities in hostapd and wpa_supplicant Category: contrib Module: wpa Announced: 2019-05-14 Affects: All supported versions of FreeBSD. Corrected: 2019-05-01 01:42:38 UTC (stable/12, 12.0-STABLE) 2019-05-14 22:57:29 UTC (releng/12.0, 12.0-RELEASE-p4) 2019-05-01 01:43:17 UTC (stable/11, 11.2-STABLE) 2019-05-14 22:59:32 UTC (releng/11.2, 11.2-RELEASE-p10) CVE Name: CVE-2019-9494, CVE-2019-9495, CVE-2019-9496, CVE-2019-9497, CVE-2019-9498, CVE-2019-9499, CVE-2019-11555 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>. I. Background Wi-Fi Protected Access II (WPA2) is a security protocol developed by the Wi-Fi Alliance to secure wireless computer networks. hostapd(8) and wpa_supplicant(8) are implementations of user space daemon for access points and wireless client that implements the WPA2 protocol. II. Problem Description Multiple vulnerabilities exist in the hostapd(8) and wpa_supplicant(8) implementations. For more details, please see the reference URLs in the References section below. III. Impact Security of the wireless network may be compromised. For more details, please see the reference URLS in the References section below. IV. Workaround No workaround is available, but systems not using hostapd(8) or wpa_supplicant(8) are not affected. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. Afterwards, restart hostapd(8) or wpa_supplicant(8). 2) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install Afterwards, restart hostapd(8) or wpa_supplicant(8). 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 12.0] # fetch https://security.FreeBSD.org/patches/SA-19:03/wpa-12.patch # fetch https://security.FreeBSD.org/patches/SA-19:03/wpa-12.patch.asc # gpg --verify wpa-12.patch.asc [FreeBSD 11.2] # fetch https://security.FreeBSD.org/patches/SA-19:03/wpa-11.patch # fetch https://security.FreeBSD.org/patches/SA-19:03/wpa-11.patch.asc # gpg --verify wpa-11.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. Restart the applicable daemons, or reboot the system. VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/12/ r346980 releng/12.0/ r347587 stable/11/ r346981 releng/11.2/ r347588 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: <URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> VII. References <URL:https://w1.fi/security/2019-1> <URL:https://w1.fi/security/2019-2> <URL:https://w1.fi/security/2019-3> <URL:https://w1.fi/security/2019-4> <URL:https://w1.fi/security/2019-5> <URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9494> <URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9495> <URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9496> <URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9497> <URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9498> <URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9499> <URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11555> The latest revision of this advisory is available at <URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc> -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlzbTrVfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n 5cLsaA/9EB577JYdYdwFCOQ6TiOVhyluLJzgrhG3aiXeBntj8ytkRjcXKnP0aega 3G2R1do7pixVYUF52OWJwaNO3Hm+LHMngiOqujcLI+49ISI3T/APaU/D2dqmXVb8 nN/Pd+0HDGj3R3MwyyHT8/3fX0pJ395vcQhYb61M6PUSrwr8uiBbILT57iCadZoL F4KOCvRv7I4EFWXvqngGfeohZbbeHPBga2DwuebWR/E/1uWrMKEOF2pvh4b6ZSN2 pdr7ZHMiL1cZt+p+2gwWoqDWyD93u2lTC7Gmo3Vom+meH7eaQ79obXEN541aiQ04 CYhjkwuW5uNGUWCO/Xsfn5gqICeB1G5A/aBHQlAyVgUGia8jukL1jn3ga4AQgKrN h9aTmvrQs17PjMVtq81ZS0xm0ztW0Y6t2A9fRgGcnOOw+uy5tHMbJaKSMy8x97NT gUyXtoyu47tjjMrzsQcma2t6/+iCEDuW1P1LybSmv/v59gro9uveCdl0busgM9GS M5bpWK/qYQS1HYmYeTKMRynmD8ntRbflYoUP/SpijHsz+56rgyeJO12WyltyT32f j5fgnKaznW/UPtgmK0wnPIG9XEj3Nzs4C4cypO5t8OiuLEli4wRdb6MYlvEjq4la R3lnCzmTd9sg+K6cod2qWWSYdsdEwizcpQDp7M9lRqomiANLqJ4= =MXma -----END PGP SIGNATURE-----

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

information disclosure

CONFIGURATIONS

EXPLOIT AVAILABILITY

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Mathy Vanhoef (New York University Abu Dhabi) and Eyal Ronen (Tel Aviv University),security.freebsd.org

SOURCES

LAST UPDATE DATE

2024-08-14T13:12:29.026000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE