var-201904-0381
Vulnerability from variot
The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected. WPA3 Protocol and hostapd When wpa_supplicant There are multiple vulnerabilities in the implementation of, and a remote attacker can obtain weak password information and privileges, as well as disrupt service operations. (DoS) An attack may be carried out. These vulnerabilities "Dragonblood" It is called. CERT/CC Then continue WPA3 The protocol is being verified. Discovered this time WPA3 Vulnerabilities related to the implementation of can be attributed to the protocol specification itself. WPA3 Is a key exchange protocol, Simultaneous Authentication of Equals (SAE) Is adopted. this is "Dragonfly Key Exchange" It is also called WPA2 In Pre-Shared Key (PSK) Acts as a protocol replacement. hostapd Is WPA3 Access point and authentication server daemon is. Also, wpa_supplicant Is WPA authenticator ( access point ) Implemented key exchange with supplicant ( client ) And WPA3 Is supported. hostapd When wpa_supplicant Both Extensible Authentication Protocol Password (EAP-PWD) When SAE Has the following vulnerabilities: Elliptic curve crypto group (ECC groups) Against SAE Cache-based attacks (SAE Side channel attack ) (CWE-208, CWE-524) - CVE-2019-9494 hostapd When wpa_supplicant In SAE The implementation is vulnerable to side-channel attacks due to observable timing differences and cache access patterns. Elliptic curve crypto group (ECC groups) Against EAP-PWD Cache-based attack (EAP-PWD Side channel attack ) (CWE-524) - CVE-2019-9495 hostapd When wpa_supplicant In SAE The implementation is vulnerable to side-channel attacks due to cache access patterns. SAE confirm Message validation is not performed during processing (CWE-642) - CVE-2019-9496 hostapd Process hostapd/AP When operating in mode SAE confirm Incomplete verification of message processing due to incorrect authentication sequence hostapd The process may end. EAP-PWD Peer In EAP-pwd-Commit Incorrect message validation (CWE-346) - CVE-2019-9499 wpa_supplicant (EAP Peer) In EAP-PWD In the implementation, the cryptographic library used for the build is EAP-pwd-Commit Message element value (EC point) If you do not implement the verification process for EAP-pwd-Commit Message scalar and element values are not validated. A side-channel attack captures information that can be used to recover passwords - CVE-2019-9494 * A weak password is obtained by a dictionary attack - CVE-2019-9495 This attack requires the authority to install and execute applications. Memory access pattern analysis is possible by observing the shared cache. hostapd/wpa_supplicant 2.7 And later versions CVE-2019-9494 Is not affected by the timing attack hostapd Process can be terminated ( Service operation interruption ) - CVE-2019-9496 *EAP-PWD Authentication is bypassed - CVE-2019-9497 Crypto library EC point If a verification process is implemented for an attacker, an attacker cannot acquire or exchange a session key * Illegal scalar / Session key is obtained using message with element value and authentication is bypassed - CVE-2019-9498, CVE-2019-9499. WPA is prone to multiple security weaknesses. Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. A vulnerability in the EAP-pwd implementation of hostapd (EAP server) could allow an unauthenticated, adjacent malicious user to gain access to a targeted network.
The vendor has confirmed the vulnerability and released software updates. ========================================================================== Ubuntu Security Notice USN-3944-1 April 10, 2019
wpa vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in wpa_supplicant and hostapd.
Software Description: - wpa: client support for WPA and WPA2
Details:
It was discovered that wpa_supplicant and hostapd were vulnerable to a side channel attack against EAP-pwd. A remote attacker could possibly use this issue to recover certain passwords. A remote attacker could possibly use this issue to perform a reflection attack and authenticate without the appropriate password. (CVE-2019-9497, CVE-2019-9498, CVE-2019-9499)
It was discovered that hostapd incorrectly handled obtaining random numbers. In rare cases where the urandom device isn't available, it would fall back to using a low-quality PRNG. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-10743)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.10: hostapd 2:2.6-18ubuntu1.1 wpasupplicant 2:2.6-18ubuntu1.1
Ubuntu 18.04 LTS: hostapd 2:2.6-15ubuntu2.2 wpasupplicant 2:2.6-15ubuntu2.2
Ubuntu 16.04 LTS: hostapd 2.4-0ubuntu6.4 wpasupplicant 2.4-0ubuntu6.4
Ubuntu 14.04 LTS: hostapd 2.1-0ubuntu1.7 wpasupplicant 2.1-0ubuntu1.7
After a standard system update you need to reboot your computer to make all the necessary changes.
References: https://usn.ubuntu.com/usn/usn-3944-1 CVE-2016-10743, CVE-2019-9495, CVE-2019-9497, CVE-2019-9498, CVE-2019-9499
Package Information: https://launchpad.net/ubuntu/+source/wpa/2:2.6-18ubuntu1.1 https://launchpad.net/ubuntu/+source/wpa/2:2.6-15ubuntu2.2 https://launchpad.net/ubuntu/+source/wpa/2.4-0ubuntu6.4 https://launchpad.net/ubuntu/+source/wpa/2.1-0ubuntu1.7 . These vulnerability are also collectively known as "Dragonblood".
CVE-2019-9495
Cache-based side-channel attack against the EAP-pwd implementation: an
attacker able to run unprivileged code on the target machine (including for
example javascript code in a browser on a smartphone) during the handshake
could deduce enough information to discover the password in a dictionary
attack.
CVE-2019-9498
EAP-pwd server missing commit validation for scalar/element: hostapd
doesn't validate values received in the EAP-pwd-Commit message, so an
attacker could use a specially crafted commit message to manipulate the
exchange in order for hostapd to derive a session key from a limited set of
possible values.
CVE-2019-9499
EAP-pwd peer missing commit validation for scalar/element: wpa_supplicant
doesn't validate values received in the EAP-pwd-Commit message, so an
attacker could use a specially crafted commit message to manipulate the
exchange in order for wpa_supplicant to derive a session key from a limited
set of possible values. This could result in an attacker being able to
complete authentication and operate as a rogue AP.
Note that the Dragonblood moniker also applies to CVE-2019-9494 and CVE-2014-9496 which are vulnerabilities in the SAE protocol in WPA3. SAE is not enabled in Debian stretch builds of wpa, which is thus not vulnerable by default.
Due to the complexity of the backporting process, the fix for these vulnerabilities are partial. Users are advised to use strong passwords to prevent dictionary attacks or use a 2.7-based version from stretch-backports (version above 2:2.7+git20190128+0c1e29f-4).
For the stable distribution (stretch), these problems have been fixed in version 2:2.4-1+deb9u3.
We recommend that you upgrade your wpa packages.
For the detailed security status of wpa please refer to its security tracker page at: https://security-tracker.debian.org/tracker/wpa
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQEzBAEBCgAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAlyu2lQACgkQ3rYcyPpX RFtamggAlq8telLPhKzD1+Ns+Pci+Y+WkOAmUpn4XQ0TOmG18sDU1iS2xNHF+buA lXVKLp7zgE4VFJsclHAJXtp8anyo7YU99NzUcSF6vboRm3msifL4eE3S7IS9fAaH 0WWCHwlHMf9IGHqBn9mkwiYySwlId8ps3lvoVV2EOB4wJqa4Y6d4YrqPyFzWop56 jKTlTcJqvQBUFo/y9In/sx8QgONhNwnNAKcrBfiVwn8QHuMRA4c4UJz+NN38ctyt djA/zqT/uXwWhr8Mfl7J+rfdsC5TFPl45qr/gbmB7GRlU2la0dGJv/l0afbINrrG NoAgpOeMrwijIdDJ9vG6O3YVV6bIkg==OkO5 -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
============================================================================= FreeBSD-SA-19:03.wpa Security Advisory The FreeBSD Project
Topic: Multiple vulnerabilities in hostapd and wpa_supplicant
Category: contrib Module: wpa Announced: 2019-05-14 Affects: All supported versions of FreeBSD. Corrected: 2019-05-01 01:42:38 UTC (stable/12, 12.0-STABLE) 2019-05-14 22:57:29 UTC (releng/12.0, 12.0-RELEASE-p4) 2019-05-01 01:43:17 UTC (stable/11, 11.2-STABLE) 2019-05-14 22:59:32 UTC (releng/11.2, 11.2-RELEASE-p10) CVE Name: CVE-2019-9494, CVE-2019-9495, CVE-2019-9496, CVE-2019-9497, CVE-2019-9498, CVE-2019-9499, CVE-2019-11555
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
I. Background
Wi-Fi Protected Access II (WPA2) is a security protocol developed by the Wi-Fi Alliance to secure wireless computer networks.
hostapd(8) and wpa_supplicant(8) are implementations of user space daemon for access points and wireless client that implements the WPA2 protocol.
II. Problem Description
Multiple vulnerabilities exist in the hostapd(8) and wpa_supplicant(8) implementations. For more details, please see the reference URLs in the References section below.
III. Impact
Security of the wireless network may be compromised. For more details, please see the reference URLS in the References section below.
IV. Workaround
No workaround is available, but systems not using hostapd(8) or wpa_supplicant(8) are not affected.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.
Afterwards, restart hostapd(8) or wpa_supplicant(8).
2) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:
freebsd-update fetch
freebsd-update install
Afterwards, restart hostapd(8) or wpa_supplicant(8).
3) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.
[FreeBSD 12.0]
fetch https://security.FreeBSD.org/patches/SA-19:03/wpa-12.patch
fetch https://security.FreeBSD.org/patches/SA-19:03/wpa-12.patch.asc
gpg --verify wpa-12.patch.asc
[FreeBSD 11.2]
fetch https://security.FreeBSD.org/patches/SA-19:03/wpa-11.patch
fetch https://security.FreeBSD.org/patches/SA-19:03/wpa-11.patch.asc
gpg --verify wpa-11.patch.asc
b) Apply the patch. Execute the following commands as root:
cd /usr/src
patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in
Restart the applicable daemons, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each affected branch.
Branch/path Revision
stable/12/ r346980 releng/12.0/ r347587 stable/11/ r346981 releng/11.2/ r347588
To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:
svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
VII. References
The latest revision of this advisory is available at
iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlzbTrVfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n 5cLsaA/9EB577JYdYdwFCOQ6TiOVhyluLJzgrhG3aiXeBntj8ytkRjcXKnP0aega 3G2R1do7pixVYUF52OWJwaNO3Hm+LHMngiOqujcLI+49ISI3T/APaU/D2dqmXVb8 nN/Pd+0HDGj3R3MwyyHT8/3fX0pJ395vcQhYb61M6PUSrwr8uiBbILT57iCadZoL F4KOCvRv7I4EFWXvqngGfeohZbbeHPBga2DwuebWR/E/1uWrMKEOF2pvh4b6ZSN2 pdr7ZHMiL1cZt+p+2gwWoqDWyD93u2lTC7Gmo3Vom+meH7eaQ79obXEN541aiQ04 CYhjkwuW5uNGUWCO/Xsfn5gqICeB1G5A/aBHQlAyVgUGia8jukL1jn3ga4AQgKrN h9aTmvrQs17PjMVtq81ZS0xm0ztW0Y6t2A9fRgGcnOOw+uy5tHMbJaKSMy8x97NT gUyXtoyu47tjjMrzsQcma2t6/+iCEDuW1P1LybSmv/v59gro9uveCdl0busgM9GS M5bpWK/qYQS1HYmYeTKMRynmD8ntRbflYoUP/SpijHsz+56rgyeJO12WyltyT32f j5fgnKaznW/UPtgmK0wnPIG9XEj3Nzs4C4cypO5t8OiuLEli4wRdb6MYlvEjq4la R3lnCzmTd9sg+K6cod2qWWSYdsdEwizcpQDp7M9lRqomiANLqJ4= =MXma -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201904-0381",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.1"
},
{
"model": "hostapd",
"scope": "lte",
"trust": 1.0,
"vendor": "w1 fi",
"version": "2.4"
},
{
"model": "router manager",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "1.2"
},
{
"model": "backports sle",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "wpa supplicant",
"scope": "lte",
"trust": 1.0,
"vendor": "w1 fi",
"version": "2.7"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "30"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.0,
"vendor": "freebsd",
"version": "11.2"
},
{
"model": "hostapd",
"scope": "gte",
"trust": 1.0,
"vendor": "w1 fi",
"version": "2.5"
},
{
"model": "hostapd",
"scope": "lte",
"trust": 1.0,
"vendor": "w1 fi",
"version": "2.7"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "29"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.0,
"vendor": "freebsd",
"version": "12.0"
},
{
"model": "wpa supplicant",
"scope": "gte",
"trust": 1.0,
"vendor": "w1 fi",
"version": "2.5"
},
{
"model": "freebsd",
"scope": "gte",
"trust": 1.0,
"vendor": "freebsd",
"version": "11.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "28"
},
{
"model": "radius server",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "3.0"
},
{
"model": "freebsd",
"scope": "lte",
"trust": 1.0,
"vendor": "freebsd",
"version": "11.1"
},
{
"model": "wpa supplicant",
"scope": "lte",
"trust": 1.0,
"vendor": "w1 fi",
"version": "2.4"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "broadcom",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "freeradius",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "synology",
"version": null
},
{
"model": "",
"scope": null,
"trust": 0.8,
"vendor": "multiple vendors",
"version": null
},
{
"model": "wpa supplicant",
"scope": "eq",
"trust": 0.3,
"vendor": "w1 fi",
"version": "0"
},
{
"model": "hostapd",
"scope": "eq",
"trust": 0.3,
"vendor": "w1 fi",
"version": "0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "18.10"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "18.04"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "16.04"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.04"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#871675"
},
{
"db": "BID",
"id": "108401"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002625"
},
{
"db": "NVD",
"id": "CVE-2019-9498"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.7",
"versionStartIncluding": "2.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.7",
"versionStartIncluding": "2.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:synology:router_manager:1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:radius_server:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:11.2:p3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:11.2:p4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:11.2:p5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:12.0:p1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:11.2:p7:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:12.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:11.2:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:11.2:p2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:11.2:p6:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:11.2:p9:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:12.0:p3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:12.0:p2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:11.2:p13:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:11.2:p8:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.1",
"versionStartIncluding": "11.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9498"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Debian",
"sources": [
{
"db": "PACKETSTORM",
"id": "152481"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-585"
}
],
"trust": 0.7
},
"cve": "CVE-2019-9498",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "JPCERT/CC",
"availabilityImpact": "Partial",
"baseScore": 7.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2019-002625",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:M/Au:S/C:C/I:C/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-160933",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2019-9498",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Adjacent Network",
"author": "JPCERT/CC",
"availabilityImpact": "Low",
"baseScore": 6.7,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-002625",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-9498",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "JPCERT/CC",
"id": "JVNDB-2019-002625",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201904-585",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-160933",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-9498",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160933"
},
{
"db": "VULMON",
"id": "CVE-2019-9498"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002625"
},
{
"db": "NVD",
"id": "CVE-2019-9498"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-585"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected. WPA3 Protocol and hostapd When wpa_supplicant There are multiple vulnerabilities in the implementation of, and a remote attacker can obtain weak password information and privileges, as well as disrupt service operations. (DoS) An attack may be carried out. These vulnerabilities \"Dragonblood\" It is called. CERT/CC Then continue WPA3 The protocol is being verified. Discovered this time WPA3 Vulnerabilities related to the implementation of can be attributed to the protocol specification itself. WPA3 Is a key exchange protocol, Simultaneous Authentication of Equals (SAE) Is adopted. this is \"Dragonfly Key Exchange\" It is also called WPA2 In Pre-Shared Key (PSK) Acts as a protocol replacement. hostapd Is WPA3 Access point and authentication server daemon is. Also, wpa_supplicant Is WPA authenticator ( access point ) Implemented key exchange with supplicant ( client ) And WPA3 Is supported. hostapd When wpa_supplicant Both Extensible Authentication Protocol Password (EAP-PWD) When SAE Has the following vulnerabilities: Elliptic curve crypto group (ECC groups) Against SAE Cache-based attacks (SAE Side channel attack ) (CWE-208, CWE-524) - CVE-2019-9494 hostapd When wpa_supplicant In SAE The implementation is vulnerable to side-channel attacks due to observable timing differences and cache access patterns. Elliptic curve crypto group (ECC groups) Against EAP-PWD Cache-based attack (EAP-PWD Side channel attack ) (CWE-524) - CVE-2019-9495 hostapd When wpa_supplicant In SAE The implementation is vulnerable to side-channel attacks due to cache access patterns. SAE confirm Message validation is not performed during processing (CWE-642) - CVE-2019-9496 hostapd Process hostapd/AP When operating in mode SAE confirm Incomplete verification of message processing due to incorrect authentication sequence hostapd The process may end. EAP-PWD Peer In EAP-pwd-Commit Incorrect message validation (CWE-346) - CVE-2019-9499 wpa_supplicant (EAP Peer) In EAP-PWD In the implementation, the cryptographic library used for the build is EAP-pwd-Commit Message element value (EC point) If you do not implement the verification process for EAP-pwd-Commit Message scalar and element values are not validated.* A side-channel attack captures information that can be used to recover passwords - CVE-2019-9494 * A weak password is obtained by a dictionary attack - CVE-2019-9495 This attack requires the authority to install and execute applications. Memory access pattern analysis is possible by observing the shared cache. hostapd/wpa_supplicant 2.7 And later versions CVE-2019-9494 Is not affected by the timing attack *hostapd Process can be terminated ( Service operation interruption ) - CVE-2019-9496 *EAP-PWD Authentication is bypassed - CVE-2019-9497 Crypto library EC point If a verification process is implemented for an attacker, an attacker cannot acquire or exchange a session key * Illegal scalar / Session key is obtained using message with element value and authentication is bypassed - CVE-2019-9498, CVE-2019-9499. WPA is prone to multiple security weaknesses. \nAttackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. A vulnerability in the EAP-pwd implementation of hostapd (EAP server) could allow an unauthenticated, adjacent malicious user to gain access to a targeted network. \n\nThe vendor has confirmed the vulnerability and released software updates. ==========================================================================\nUbuntu Security Notice USN-3944-1\nApril 10, 2019\n\nwpa vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 18.10\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in wpa_supplicant and hostapd. \n\nSoftware Description:\n- wpa: client support for WPA and WPA2\n\nDetails:\n\nIt was discovered that wpa_supplicant and hostapd were vulnerable to a\nside channel attack against EAP-pwd. A remote attacker could possibly use\nthis issue to recover certain passwords. A\nremote attacker could possibly use this issue to perform a reflection\nattack and authenticate without the appropriate password. (CVE-2019-9497,\nCVE-2019-9498, CVE-2019-9499)\n\nIt was discovered that hostapd incorrectly handled obtaining random\nnumbers. In rare cases where the urandom device isn\u0027t available, it would\nfall back to using a low-quality PRNG. This issue only affected Ubuntu\n14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-10743)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 18.10:\n hostapd 2:2.6-18ubuntu1.1\n wpasupplicant 2:2.6-18ubuntu1.1\n\nUbuntu 18.04 LTS:\n hostapd 2:2.6-15ubuntu2.2\n wpasupplicant 2:2.6-15ubuntu2.2\n\nUbuntu 16.04 LTS:\n hostapd 2.4-0ubuntu6.4\n wpasupplicant 2.4-0ubuntu6.4\n\nUbuntu 14.04 LTS:\n hostapd 2.1-0ubuntu1.7\n wpasupplicant 2.1-0ubuntu1.7\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nReferences:\n https://usn.ubuntu.com/usn/usn-3944-1\n CVE-2016-10743, CVE-2019-9495, CVE-2019-9497, CVE-2019-9498,\n CVE-2019-9499\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/wpa/2:2.6-18ubuntu1.1\n https://launchpad.net/ubuntu/+source/wpa/2:2.6-15ubuntu2.2\n https://launchpad.net/ubuntu/+source/wpa/2.4-0ubuntu6.4\n https://launchpad.net/ubuntu/+source/wpa/2.1-0ubuntu1.7\n. These vulnerability are also collectively\nknown as \"Dragonblood\". \n\nCVE-2019-9495\n\n Cache-based side-channel attack against the EAP-pwd implementation: an\n attacker able to run unprivileged code on the target machine (including for\n example javascript code in a browser on a smartphone) during the handshake\n could deduce enough information to discover the password in a dictionary\n attack. \n\nCVE-2019-9498\n\n EAP-pwd server missing commit validation for scalar/element: hostapd\n doesn\u0027t validate values received in the EAP-pwd-Commit message, so an\n attacker could use a specially crafted commit message to manipulate the\n exchange in order for hostapd to derive a session key from a limited set of\n possible values. \n\nCVE-2019-9499\n\n EAP-pwd peer missing commit validation for scalar/element: wpa_supplicant\n doesn\u0027t validate values received in the EAP-pwd-Commit message, so an\n attacker could use a specially crafted commit message to manipulate the\n exchange in order for wpa_supplicant to derive a session key from a limited\n set of possible values. This could result in an attacker being able to\n complete authentication and operate as a rogue AP. \n\nNote that the Dragonblood moniker also applies to CVE-2019-9494 and\nCVE-2014-9496 which are vulnerabilities in the SAE protocol in WPA3. SAE is not\nenabled in Debian stretch builds of wpa, which is thus not vulnerable by default. \n\nDue to the complexity of the backporting process, the fix for these\nvulnerabilities are partial. Users are advised to use strong passwords to\nprevent dictionary attacks or use a 2.7-based version from stretch-backports\n(version above 2:2.7+git20190128+0c1e29f-4). \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 2:2.4-1+deb9u3. \n\nWe recommend that you upgrade your wpa packages. \n\nFor the detailed security status of wpa please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/wpa\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQEzBAEBCgAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAlyu2lQACgkQ3rYcyPpX\nRFtamggAlq8telLPhKzD1+Ns+Pci+Y+WkOAmUpn4XQ0TOmG18sDU1iS2xNHF+buA\nlXVKLp7zgE4VFJsclHAJXtp8anyo7YU99NzUcSF6vboRm3msifL4eE3S7IS9fAaH\n0WWCHwlHMf9IGHqBn9mkwiYySwlId8ps3lvoVV2EOB4wJqa4Y6d4YrqPyFzWop56\njKTlTcJqvQBUFo/y9In/sx8QgONhNwnNAKcrBfiVwn8QHuMRA4c4UJz+NN38ctyt\ndjA/zqT/uXwWhr8Mfl7J+rfdsC5TFPl45qr/gbmB7GRlU2la0dGJv/l0afbINrrG\nNoAgpOeMrwijIdDJ9vG6O3YVV6bIkg==OkO5\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n=============================================================================\nFreeBSD-SA-19:03.wpa Security Advisory\n The FreeBSD Project\n\nTopic: Multiple vulnerabilities in hostapd and wpa_supplicant\n\nCategory: contrib\nModule: wpa\nAnnounced: 2019-05-14\nAffects: All supported versions of FreeBSD. \nCorrected: 2019-05-01 01:42:38 UTC (stable/12, 12.0-STABLE)\n 2019-05-14 22:57:29 UTC (releng/12.0, 12.0-RELEASE-p4)\n 2019-05-01 01:43:17 UTC (stable/11, 11.2-STABLE)\n 2019-05-14 22:59:32 UTC (releng/11.2, 11.2-RELEASE-p10)\nCVE Name: CVE-2019-9494, CVE-2019-9495, CVE-2019-9496, CVE-2019-9497,\n CVE-2019-9498, CVE-2019-9499, CVE-2019-11555\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:https://security.FreeBSD.org/\u003e. \n\nI. Background\n\nWi-Fi Protected Access II (WPA2) is a security protocol developed by the\nWi-Fi Alliance to secure wireless computer networks. \n\nhostapd(8) and wpa_supplicant(8) are implementations of user space daemon for\naccess points and wireless client that implements the WPA2 protocol. \n\nII. Problem Description\n\nMultiple vulnerabilities exist in the hostapd(8) and wpa_supplicant(8)\nimplementations. For more details, please see the reference URLs in the\nReferences section below. \n\nIII. Impact\n\nSecurity of the wireless network may be compromised. For more details,\nplease see the reference URLS in the References section below. \n\nIV. Workaround\n\nNo workaround is available, but systems not using hostapd(8) or\nwpa_supplicant(8) are not affected. \n\nV. Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\nAfterwards, restart hostapd(8) or wpa_supplicant(8). \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\nAfterwards, restart hostapd(8) or wpa_supplicant(8). \n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 12.0]\n# fetch https://security.FreeBSD.org/patches/SA-19:03/wpa-12.patch\n# fetch https://security.FreeBSD.org/patches/SA-19:03/wpa-12.patch.asc\n# gpg --verify wpa-12.patch.asc\n\n[FreeBSD 11.2]\n# fetch https://security.FreeBSD.org/patches/SA-19:03/wpa-11.patch\n# fetch https://security.FreeBSD.org/patches/SA-19:03/wpa-11.patch.asc\n# gpg --verify wpa-11.patch.asc\n\nb) Apply the patch. Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:https://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart the applicable daemons, or reboot the system. \n\nVI. Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path Revision\n- -------------------------------------------------------------------------\nstable/12/ r346980\nreleng/12.0/ r347587\nstable/11/ r346981\nreleng/11.2/ r347588\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:https://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. References\n\n\u003cURL:https://w1.fi/security/2019-1\u003e\n\u003cURL:https://w1.fi/security/2019-2\u003e\n\u003cURL:https://w1.fi/security/2019-3\u003e\n\u003cURL:https://w1.fi/security/2019-4\u003e\n\u003cURL:https://w1.fi/security/2019-5\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9494\u003e\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9495\u003e\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9496\u003e\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9497\u003e\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9498\u003e\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9499\u003e\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11555\u003e\n\nThe latest revision of this advisory is available at\n\u003cURL:https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc\u003e\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlzbTrVfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD\nMEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n\n5cLsaA/9EB577JYdYdwFCOQ6TiOVhyluLJzgrhG3aiXeBntj8ytkRjcXKnP0aega\n3G2R1do7pixVYUF52OWJwaNO3Hm+LHMngiOqujcLI+49ISI3T/APaU/D2dqmXVb8\nnN/Pd+0HDGj3R3MwyyHT8/3fX0pJ395vcQhYb61M6PUSrwr8uiBbILT57iCadZoL\nF4KOCvRv7I4EFWXvqngGfeohZbbeHPBga2DwuebWR/E/1uWrMKEOF2pvh4b6ZSN2\npdr7ZHMiL1cZt+p+2gwWoqDWyD93u2lTC7Gmo3Vom+meH7eaQ79obXEN541aiQ04\nCYhjkwuW5uNGUWCO/Xsfn5gqICeB1G5A/aBHQlAyVgUGia8jukL1jn3ga4AQgKrN\nh9aTmvrQs17PjMVtq81ZS0xm0ztW0Y6t2A9fRgGcnOOw+uy5tHMbJaKSMy8x97NT\ngUyXtoyu47tjjMrzsQcma2t6/+iCEDuW1P1LybSmv/v59gro9uveCdl0busgM9GS\nM5bpWK/qYQS1HYmYeTKMRynmD8ntRbflYoUP/SpijHsz+56rgyeJO12WyltyT32f\nj5fgnKaznW/UPtgmK0wnPIG9XEj3Nzs4C4cypO5t8OiuLEli4wRdb6MYlvEjq4la\nR3lnCzmTd9sg+K6cod2qWWSYdsdEwizcpQDp7M9lRqomiANLqJ4=\n=MXma\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9498"
},
{
"db": "CERT/CC",
"id": "VU#871675"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002625"
},
{
"db": "BID",
"id": "108401"
},
{
"db": "VULHUB",
"id": "VHN-160933"
},
{
"db": "VULMON",
"id": "CVE-2019-9498"
},
{
"db": "PACKETSTORM",
"id": "152477"
},
{
"db": "PACKETSTORM",
"id": "152481"
},
{
"db": "PACKETSTORM",
"id": "152914"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-9498",
"trust": 3.2
},
{
"db": "CERT/CC",
"id": "VU#871675",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVNVU94228755",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002625",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201904-585",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "152481",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.0047",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1258",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.2875",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4125",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1775",
"trust": 0.6
},
{
"db": "BID",
"id": "108401",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-160933",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-9498",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "152477",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "152914",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#871675"
},
{
"db": "VULHUB",
"id": "VHN-160933"
},
{
"db": "VULMON",
"id": "CVE-2019-9498"
},
{
"db": "BID",
"id": "108401"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002625"
},
{
"db": "PACKETSTORM",
"id": "152477"
},
{
"db": "PACKETSTORM",
"id": "152481"
},
{
"db": "PACKETSTORM",
"id": "152914"
},
{
"db": "NVD",
"id": "CVE-2019-9498"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-585"
}
]
},
"id": "VAR-201904-0381",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-160933"
}
],
"trust": 0.725
},
"last_update_date": "2023-12-18T11:11:24.665000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "WPA Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=91397"
},
{
"title": "Ubuntu Security Notice: wpa vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3944-1"
},
{
"title": "Debian CVElist Bug Report Logs: src:wpa: multiples vulnerabilities in SAE and EAP-pwd code in wpa",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=39e042d68cbe59a677ae53b8328d282d"
},
{
"title": "Debian Security Advisories: DSA-4430-1 wpa -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=81a56edb299848e0579a7dd950bd73ba"
},
{
"title": "Brocade Security Advisories: BSA-2019-777",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=brocade_security_advisories\u0026qid=9f89054fc8bab7a9de83cce34e487404"
},
{
"title": "Fortinet Security Advisories: Dragonblood vulnerabilities in WiFi WPA3 standard implementation",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=fortinet_security_advisories\u0026qid=fg-ir-19-107"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-9498"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-585"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.1
},
{
"problemtype": "CWE-264",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160933"
},
{
"db": "NVD",
"id": "CVE-2019-9498"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.7,
"url": "https://w1.fi/security/2019-4/"
},
{
"trust": 2.4,
"url": "https://security.freebsd.org/advisories/freebsd-sa-19:03.wpa.asc"
},
{
"trust": 1.9,
"url": "https://wpa3.mathyvanhoef.com/"
},
{
"trust": 1.8,
"url": "https://seclists.org/bugtraq/2019/may/40"
},
{
"trust": 1.8,
"url": "https://www.synology.com/security/advisory/synology_sa_19_16"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html"
},
{
"trust": 1.6,
"url": "https://w1.fi/security/"
},
{
"trust": 1.6,
"url": "https://w1.fi/security/2019-1/"
},
{
"trust": 1.6,
"url": "https://w1.fi/security/2019-2/"
},
{
"trust": 1.6,
"url": "https://w1.fi/security/2019-3/"
},
{
"trust": 1.6,
"url": "https://w1.fi/hostapd/"
},
{
"trust": 1.6,
"url": "https://w1.fi/cgit/hostap/log/"
},
{
"trust": 1.6,
"url": "https://papers.mathyvanhoef.com/dragonblood.pdf"
},
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9498"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56obbojjskrtdgexzovfstp4hdsdblae/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/svmjofeybgxzlff5iolw67ssopkfejp3/"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9495"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9499"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9497"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56obbojjskrtdgexzovfstp4hdsdblae/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/svmjofeybgxzlff5iolw67ssopkfejp3/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/tdozgr3t7fvo5jszwk2qpr7aofiejtiz/"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9494"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9496"
},
{
"trust": 0.8,
"url": "https://w1.fi/wpa_supplicant/ "
},
{
"trust": 0.8,
"url": "https://freeradius.org/security/"
},
{
"trust": 0.8,
"url": "https://en.avm.de/service/current-security-notifications/"
},
{
"trust": 0.8,
"url": "https://www.lancom-systems.com/service-support/instant-help/general-security-information/"
},
{
"trust": 0.8,
"url": "https://github.com/openssl/openssl/pull/8750"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/tdozgr3t7fvo5jszwk2qpr7aofiejtiz/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9497"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9498"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9499"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9494"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9495"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9496"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu94228755/"
},
{
"trust": 0.8,
"url": "https://www.kb.cert.org/vuls/id/871675/"
},
{
"trust": 0.8,
"url": "https://w1.fi/wpa_supplicant/"
},
{
"trust": 0.6,
"url": "https://security-tracker.debian.org/tracker/dla-1867-1"
},
{
"trust": 0.6,
"url": "http://www.debian.org/security/2019/dsa-4430"
},
{
"trust": 0.6,
"url": "https://fortiguard.com/psirt/fg-ir-19-107"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0047/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4125/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/wpa-supplicant-four-vulnerabilities-29006"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/152481/debian-security-advisory-4430-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/81182"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/78946"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2875/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.1775/"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1699164"
},
{
"trust": 0.3,
"url": "https://w1.fi"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-9497"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-9498"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-9499"
},
{
"trust": 0.3,
"url": "https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt"
},
{
"trust": 0.3,
"url": "https://www.freebsd.org/security/advisories/freebsd-sa-19:03.wpa.asc"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1699168"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1699170"
},
{
"trust": 0.3,
"url": "https://usn.ubuntu.com/3944-1"
},
{
"trust": 0.3,
"url": "https://seclists.org/oss-sec/2019/q2/19"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/287.html"
},
{
"trust": 0.1,
"url": "https://www.rapid7.com/db/vulnerabilities/debian-cve-2019-9498"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/3944-1/"
},
{
"trust": 0.1,
"url": "https://www.kb.cert.org/vuls/id/871675"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=59995"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/usn/usn-3944-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/wpa/2:2.6-18ubuntu1.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/wpa/2:2.6-15ubuntu2.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/wpa/2.1-0ubuntu1.7"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10743"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/wpa/2.4-0ubuntu6.4"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/wpa"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11555\u003e"
},
{
"trust": 0.1,
"url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/patches/sa-19:03/wpa-11.patch.asc"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9494\u003e"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9497\u003e"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/patches/sa-19:03/wpa-12.patch.asc"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9499\u003e"
},
{
"trust": 0.1,
"url": "https://w1.fi/security/2019-1\u003e"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/\u003e."
},
{
"trust": 0.1,
"url": "https://w1.fi/security/2019-4\u003e"
},
{
"trust": 0.1,
"url": "https://w1.fi/security/2019-5\u003e"
},
{
"trust": 0.1,
"url": "https://w1.fi/security/2019-2\u003e"
},
{
"trust": 0.1,
"url": "https://w1.fi/security/2019-3\u003e"
},
{
"trust": 0.1,
"url": "https://www.freebsd.org/handbook/makeworld.html\u003e."
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/patches/sa-19:03/wpa-11.patch"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9496\u003e"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/advisories/freebsd-sa-19:03.wpa.asc\u003e"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9495\u003e"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9498\u003e"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/patches/sa-19:03/wpa-12.patch"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#871675"
},
{
"db": "VULHUB",
"id": "VHN-160933"
},
{
"db": "VULMON",
"id": "CVE-2019-9498"
},
{
"db": "BID",
"id": "108401"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002625"
},
{
"db": "PACKETSTORM",
"id": "152477"
},
{
"db": "PACKETSTORM",
"id": "152481"
},
{
"db": "PACKETSTORM",
"id": "152914"
},
{
"db": "NVD",
"id": "CVE-2019-9498"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-585"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#871675"
},
{
"db": "VULHUB",
"id": "VHN-160933"
},
{
"db": "VULMON",
"id": "CVE-2019-9498"
},
{
"db": "BID",
"id": "108401"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002625"
},
{
"db": "PACKETSTORM",
"id": "152477"
},
{
"db": "PACKETSTORM",
"id": "152481"
},
{
"db": "PACKETSTORM",
"id": "152914"
},
{
"db": "NVD",
"id": "CVE-2019-9498"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-585"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-12T00:00:00",
"db": "CERT/CC",
"id": "VU#871675"
},
{
"date": "2019-04-17T00:00:00",
"db": "VULHUB",
"id": "VHN-160933"
},
{
"date": "2019-04-17T00:00:00",
"db": "VULMON",
"id": "CVE-2019-9498"
},
{
"date": "2019-04-10T00:00:00",
"db": "BID",
"id": "108401"
},
{
"date": "2019-04-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002625"
},
{
"date": "2019-04-11T14:08:48",
"db": "PACKETSTORM",
"id": "152477"
},
{
"date": "2019-04-11T14:10:46",
"db": "PACKETSTORM",
"id": "152481"
},
{
"date": "2019-05-15T15:30:08",
"db": "PACKETSTORM",
"id": "152914"
},
{
"date": "2019-04-17T14:29:04.010000",
"db": "NVD",
"id": "CVE-2019-9498"
},
{
"date": "2019-04-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-585"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-05T00:00:00",
"db": "CERT/CC",
"id": "VU#871675"
},
{
"date": "2020-10-22T00:00:00",
"db": "VULHUB",
"id": "VHN-160933"
},
{
"date": "2020-10-22T00:00:00",
"db": "VULMON",
"id": "CVE-2019-9498"
},
{
"date": "2019-04-10T00:00:00",
"db": "BID",
"id": "108401"
},
{
"date": "2019-12-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002625"
},
{
"date": "2023-11-07T03:13:41.157000",
"db": "NVD",
"id": "CVE-2019-9498"
},
{
"date": "2020-11-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-585"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "152477"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-585"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WPA3 design issues and implementation vulnerabilities in hostapd and wpa_supplicant",
"sources": [
{
"db": "CERT/CC",
"id": "VU#871675"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-585"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.