Ubuntu update for Linux firmware



Published: 2017-12-06
Risk High
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2017-13080
CVE-2017-13081
CWE-ID CWE-320
Exploitation vector Local network
Public exploit Public exploit code for vulnerability #1 is available.
Public exploit code for vulnerability #2 is available.
Vulnerable software
Subscribe 		Ubuntu
Operating systems & Components / Operating system

Vendor Canonical Ltd.

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Key management errors

EUVDB-ID: #VU8840

Risk: Medium

CVSSv3.1: 9.1 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C]

CVE-ID: CVE-2017-13080

CWE-ID: CWE-320 - Key Management Errors

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used group key.

The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.

The vulnerability is dubbed "KRACK" attack.

Mitigation

Update the affected packages

Ubuntu 17.10:
scsi-firmware 1.169.1
nic-firmware 1.169.1
linux-firmware 1.169.1
Ubuntu 17.04:
scsi-firmware 1.164.2
nic-firmware 1.164.2
linux-firmware 1.164.2
Ubuntu 16.04 LTS:
scsi-firmware 1.157.14
nic-firmware 1.157.14
linux-firmware 1.157.14
Ubuntu 14.04 LTS:
scsi-firmware 1.127.24
nic-firmware 1.127.24
linux-firmware 1.127.24

Vulnerable software versions

Ubuntu: 14.04 - 17.10

External links

http://www.ubuntu.com/usn/usn-3505-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Key management errors

EUVDB-ID: #VU8841

Risk: High

CVSSv3.1: 9.1 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C]

CVE-ID: CVE-2017-13081

CWE-ID: CWE-320 - Key Management Errors

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used integrity group key.

The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.

Mitigation

Update the affected packages

Ubuntu 17.10:
scsi-firmware 1.169.1
nic-firmware 1.169.1
linux-firmware 1.169.1
Ubuntu 17.04:
scsi-firmware 1.164.2
nic-firmware 1.164.2
linux-firmware 1.164.2
Ubuntu 16.04 LTS:
scsi-firmware 1.157.14
nic-firmware 1.157.14
linux-firmware 1.157.14
Ubuntu 14.04 LTS:
scsi-firmware 1.127.24
nic-firmware 1.127.24
linux-firmware 1.127.24

Vulnerable software versions

Ubuntu: 14.04 - 17.10

External links

http://www.ubuntu.com/usn/usn-3505-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.



###SIDEBAR###