src:wpa: multiple vulnerabilities in SAE and EAP-pwd code in wpa

Related Vulnerabilities: CVE-2019-9494, CVE-2019-9495, CVE-2019-9496, CVE-2019-9497, CVE-2019-9498, CVE-2019-9499

Debian Bug report logs - #926801


Reported by: Yves-Alexis Perez <corsac@debian.org>

Date: Wed, 10 Apr 2019 15:54:01 UTC

Severity: grave

Tags: security, upstream

Found in version wpa/2:2.7+git20190128+0c1e29f-3

Fixed in version wpa/2:2.7+git20190128+0c1e29f-4

Done: Andrej Shadura <andrewsh@debian.org>

Bug is archived. No further changes may be made.




Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian wpasupplicant Maintainers <wpa@packages.debian.org>:
Bug#926801; Package src:wpa. (Wed, 10 Apr 2019 15:54:03 GMT)


Acknowledgement sent to Yves-Alexis Perez <corsac@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian wpasupplicant Maintainers <wpa@packages.debian.org>. (Wed, 10 Apr 2019 15:54:03 GMT)


Message #5 received at submit@bugs.debian.org:

From: Yves-Alexis Perez <corsac@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: src:wpa: multiple vulnerabilities in SAE and EAP-pwd code in wpa
Date: Wed, 10 Apr 2019 17:51:56 +0200
Package: src:wpa
Severity: grave
Tags: security
Justification: user security hole

Hi,

multiple vulnerabilities were discovered in wpa:

CVE-2019-9494 [cache attack against SAE]
CVE-2019-9495 [cache attack against EAP-pwd]
CVE-2019-9496 [SAE confirm missing state validation in hostapd/AP]
CVE-2019-9497 [EAP-pwd server not checking for reflection attack]
CVE-2019-9498 [EAP-pwd server missing commit validation for scalar/element]
CVE-2019-9499 [EAP-pwd peer missing commit validation for scalar/element]

When you fix them, please include references to those CVEs in the
changelog.

Regards,
-- 
Yves-Alexis


-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (450, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8), LANGUAGE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled



Added tag(s) upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 10 Apr 2019 19:09:05 GMT)


Marked as found in versions wpa/2:2.7+git20190128+0c1e29f-3. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 10 Apr 2019 19:33:04 GMT)


Reply sent to Andrej Shadura <andrewsh@debian.org>:
You have taken responsibility. (Wed, 10 Apr 2019 21:24:03 GMT)


Notification sent to Yves-Alexis Perez <corsac@debian.org>:
Bug acknowledged by developer. (Wed, 10 Apr 2019 21:24:03 GMT)


Message #14 received at 926801-close@bugs.debian.org:

From: Andrej Shadura <andrewsh@debian.org>
To: 926801-close@bugs.debian.org
Subject: Bug#926801: fixed in wpa 2:2.7+git20190128+0c1e29f-4
Date: Wed, 10 Apr 2019 21:20:31 +0000
Source: wpa
Source-Version: 2:2.7+git20190128+0c1e29f-4

We believe that the bug you reported is fixed in the latest version of
wpa, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 926801@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andrej Shadura <andrewsh@debian.org> (supplier of updated wpa package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Wed, 10 Apr 2019 19:00:22 +0200
Source: wpa
Architecture: source
Version: 2:2.7+git20190128+0c1e29f-4
Distribution: unstable
Urgency: high
Maintainer: Debian wpasupplicant Maintainers <wpa@packages.debian.org>
Changed-By: Andrej Shadura <andrewsh@debian.org>
Closes: 926801
Changes:
 wpa (2:2.7+git20190128+0c1e29f-4) unstable; urgency=high
 .
   * Apply security fixes (Closes: #926801):
     - CVE-2019-9494: SAE cache attack against ECC groups (VU#871675)
     - CVE-2019-9495: EAP-pwd cache attack against ECC groups
     - CVE-2019-9496: SAE confirm missing state validation
     - CVE-2019-9497: EAP-pwd server not checking for reflection attack
     - CVE-2019-9498: EAP-pwd server missing commit validation for scalar/element
     - CVE-2019-9499: EAP-pwd peer missing commit validation for scalar/element
 .
     For more details, see:
     - https://w1.fi/security/2019-1/
     - https://w1.fi/security/2019-2/
     - https://w1.fi/security/2019-3/
     - https://w1.fi/security/2019-4/




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 26 May 2019 07:25:10 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:03:06 2019; Machine Name: beach
