Special Alerts


Multiple vulnerabilities in WPA3: "Dragonblood"
Wednesday, 17 April 2019 12:00

Vulnerability description:
Researchers have found two classes of design flaws in WPA3: the first leads to downgrade attacks and the second to side-channel information leaks. A remote attacker may be able to recover weak passwords, cause a denial of service, or gain full privileges. Collectively these vulnerabilities are known as Dragonblood.

CVE numbers:
CVE-2019-9494 / CVE-2019-9495 / CVE-2019-9496 / CVE-2019-9497 / CVE-2019-9498 / CVE-2019-9499

Impact:
A downgrade attack against WPA3-Transition mode may allow an attacker to mount a dictionary attack, while the Dragonfly handshake is exposed to security group downgrade attacks, timing-based side-channel attacks, cache-based side-channel attacks and denial-of-service attacks; the information leaked through the side channels lets the attacker recover the password.

Solution:
Update wpa_supplicant and hostapd to version 2.8.
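A quick way to confirm that the update above has actually landed on a host is to parse the version banner that `wpa_supplicant -v` and `hostapd -v` print and compare it with 2.8 as a numeric tuple rather than as a string. The following is an added example written for this page, not code from the advisory or from the hostap project; the sample banners are constructed, and the only assumption about the real tools is that their first output line has the form "wpa_supplicant v2.7" / "hostapd v2.8".

```python
import re
import shutil
import subprocess

# Version that the advisory names as the fix for wpa_supplicant and hostapd.
FIXED_VERSION = (2, 8)


def parse_version(banner):
    """Return (major, minor) from a `wpa_supplicant -v` / `hostapd -v` banner, or None.

    The first line looks like "wpa_supplicant v2.7" or "hostapd v2.8"
    (a "-devel" suffix may follow the number)."""
    m = re.search(r"\bv(\d+)\.(\d+)", banner)
    if m is None:
        return None
    return (int(m.group(1)), int(m.group(2)))


def is_fixed(banner, fixed=FIXED_VERSION):
    """True if the banner reports a version at or above the fixed one.

    Comparing integer tuples matters: compared as strings, "2.10" < "2.8"."""
    version = parse_version(banner)
    return version is not None and version >= fixed


def check_installed(tool):
    """Run `<tool> -v` if the binary is on PATH; returns (banner, fixed) or None if absent."""
    path = shutil.which(tool)
    if path is None:
        return None
    proc = subprocess.run([path, "-v"], capture_output=True, text=True)
    banner = proc.stdout + proc.stderr
    return banner, is_fixed(banner)


# Constructed sample banners (not captured from a real host), in the shape the tools print.
SAMPLE_BANNERS = {
    "wpa_supplicant": "wpa_supplicant v2.7\n",
    "hostapd": "hostapd v2.8\n",
    "future": "wpa_supplicant v2.10\n",
}

if __name__ == "__main__":
    for tool in ("wpa_supplicant", "hostapd"):
        result = check_installed(tool)
        if result is None:
            print(f"{tool}: not installed")
        else:
            banner, ok = result
            first = banner.splitlines()[0] if banner else "(no output)"
            print(f"{tool}: {first} -> {'fixed' if ok else 'UPDATE to 2.8 or later'}")
```

Run it on the access point (hostapd) and on each client (wpa_supplicant); a host on which neither binary is found is simply not using the hostap implementation and needs to be checked against its own vendor's advisory.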

Mitigation:
The currently available mitigations are as follows:
CVE-2019-9494 https://w1.fi/security/2019-1/
CVE-2019-9495 https://w1.fi/security/2019-2/
CVE-2019-9496 https://w1.fi/security/2019-3/
CVE-2019-9497 https://w1.fi/security/2019-4/
CVE-2019-9498 https://w1.fi/security/2019-4/
CVE-2019-9499 https://w1.fi/security/2019-4/

References:
https://www.kb.cert.org/vuls/id/871675/
https://wpa3.mathyvanhoef.com/
https://papers.mathyvanhoef.com/dragonblood.pdf

 
EFAIL attack: OpenPGP and S/MIME vulnerabilities leak the plaintext of encrypted e-mail
Wednesday, 16 May 2018 15:00

Vulnerability and attack description:
OpenPGP (Pretty Good Privacy) and S/MIME (Secure/Multipurpose Internet Mail Extensions) are both standards for digitally signing, encrypting and decrypting e-mail. The EFAIL attack exploits vulnerabilities in e-mail clients that implement the OpenPGP and S/MIME standards to obtain the plaintext of encrypted e-mail. When an e-mail client is configured to automatically decrypt received messages and to automatically load external resources, an attacker can abuse this behaviour by sending the victim a modified copy of the same encrypted e-mail, causing the plaintext to be exfiltrated.


CVE numbers:
CVE-2017-17688: OpenPGP CFB attack
CVE-2017-17689: S/MIME CBC attack

Systems affected:
Any e-mail client that supports the OpenPGP or S/MIME standards may be affected by the EFAIL attack. A detailed analysis of the vulnerability and the list of affected e-mail clients are given in the following paper (https://efail.de/efail-attack-paper.pdf).

Prevention:
Users are advised to reduce the risk of an EFAIL attack as follows:
‧ Decrypt S/MIME- or PGP-encrypted e-mail in an application other than the e-mail client
‧ Disable HTML rendering
‧ Disable remote content loading
‧ Install the patches provided by the e-mail client vendor

References:
https://efail.de/
https://efail.de/efail-attack-paper.pdf
https://www.kb.cert.org/vuls/id/122919

 
Meltdown and Spectre attacks
Sunday, 07 January 2018 00:00

Vulnerability and attack description:
"Meltdown" and "Spectre" are attacks that exploit hardware vulnerabilities in current processors. "Meltdown" allows an attacker to read arbitrary kernel memory or arbitrary physical memory on the target system. "Spectre" allows an attacker to make any program leak sensitive information stored in its memory.

CVE numbers:
CVE-2017-5753/CVE-2017-5715/CVE-2017-5754

Systems affected:
A system whose processor allows out-of-order execution of instructions, or whose operating system has not been updated, may be affected by Meltdown; such systems include desktops, laptops and cloud computers. A system whose processor uses speculative execution in branch prediction may be affected by Spectre; such systems include desktops, laptops, cloud servers and smartphones.

Prevention:
Users should install the available updates on all affected devices as soon as possible.

  • Windows: Microsoft released the relevant security updates and update guidance in January.
  • MacOS: Apple's macOS High Sierra 10.13.2 update, released last month, already fixes part of the problem, and macOS 10.13.3 will improve or complete the fix.
  • Linux: Most Linux developers have released updates that use Kernel Page Table Isolation (KPTI) to fully separate kernel space from user space and so close the information leak.
  • Android: Google released security updates for Pixel/Nexus devices in the January Android security patch. Other Android users must wait for their device manufacturer to release an update.
  • Firefox browser: Firefox 57.0.4, released by Mozilla, already defends against the Meltdown and Spectre timing attacks. Users are advised to update to this version as soon as possible.
  • Google Chrome browser: Google plans to release Chrome 64 on 23 January to protect the Chrome browser on desktop and mobile devices against Meltdown and Spectre.
  • VMware: VMware has published the list of affected products and security updates for ESXi, Workstation and Fusion that protect against Meltdown.
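On Linux, the KPTI update mentioned above can be verified from the kernel itself: kernels from 4.15 on export one status file per issue under /sys/devices/system/cpu/vulnerabilities (an interface this advisory does not mention; its existence is this example's assumption). The script below is an added example written for this page, not code from the advisory or any vendor. It maps the three entries to the CVE numbers listed above, classifies each status line, and falls back to a constructed sample when the directory is absent (for instance on a pre-4.15 kernel or a non-Linux host), which it then reports as "needs action" because it cannot be assessed.

```python
import os

# sysfs directory exported by Linux kernels from 4.15 on (assumption of this
# example; the advisory itself does not mention it).
SYSFS_DIR = "/sys/devices/system/cpu/vulnerabilities"

# sysfs entry name -> CVE number from the advisory.
ENTRIES = {
    "spectre_v1": "CVE-2017-5753",
    "spectre_v2": "CVE-2017-5715",
    "meltdown": "CVE-2017-5754",
}


def classify(status):
    """Map one status line to not_affected / mitigated / vulnerable / unknown."""
    s = status.strip()
    if s == "Not affected":
        return "not_affected"
    if s.startswith("Mitigation:"):
        return "mitigated"
    if s.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"  # empty or unrecognised text, e.g. entry missing on an old kernel


def assess(statuses):
    """statuses: {entry name: status line}. Returns {CVE: classification}."""
    return {cve: classify(statuses.get(name, "")) for name, cve in ENTRIES.items()}


def needs_action(statuses):
    """CVEs reported as vulnerable, plus those that could not be assessed at all."""
    return [cve for cve, verdict in assess(statuses).items()
            if verdict in ("vulnerable", "unknown")]


def read_sysfs(directory=SYSFS_DIR):
    """Read the entries from a live system; entries that do not exist are left out."""
    statuses = {}
    for name in ENTRIES:
        try:
            with open(os.path.join(directory, name)) as fh:
                statuses[name] = fh.read()
        except OSError:
            pass
    return statuses


# Constructed sample (not captured from a real host), in the shape a kernel with
# KPTI applied but without a compiler-supported retpoline would report.
SAMPLE = {
    "meltdown": "Mitigation: PTI\n",
    "spectre_v1": "Mitigation: __user pointer sanitization\n",
    "spectre_v2": "Vulnerable: Minimal generic ASM retpoline\n",
}

if __name__ == "__main__":
    live = read_sysfs()
    statuses = live if live else SAMPLE
    print("source:", "live sysfs" if live else "constructed sample")
    for cve, verdict in assess(statuses).items():
        print(f"{cve}: {verdict}")
    print("needs action:", needs_action(statuses) or "none")
```

Treating a missing entry as "unknown" rather than "fine" is deliberate: a kernel too old to export the file is also too old to carry KPTI, so silence from sysfs is itself a finding.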

References:
https://meltdownattack.com/
https://meltdownattack.com/meltdown.pdf
https://spectreattack.com/spectre.pdf
https://thehackernews.com/2018/01/meltdown-spectre-patches.html
https://www.kb.cert.org/vuls/id/584653

 
WPA2 key reinstallation vulnerability

Description:
Key reinstallation attacks or "KRACK" attacks were reported in the WPA2 Wi-Fi protocol. An attacker within range of an affected AP and client may be able to conduct attacks including arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast and group-addressed frames.

CVE Number:
CVE-2017-13077: Reinstallation of the pairwise key in the Four-way handshake
CVE-2017-13078: Reinstallation of the group key in the Four-way handshake
CVE-2017-13079: Reinstallation of the integrity group key in the Four-way handshake
CVE-2017-13080: Reinstallation of the group key in the Group Key handshake
CVE-2017-13081: Reinstallation of the integrity group key in the Group Key handshake
CVE-2017-13082: Accepting a retransmitted Fast BSS Transition Reassociation Request and reinstalling the pairwise key while processing it
CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake
CVE-2017-13086: Reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake
CVE-2017-13087: Reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
CVE-2017-13088: Reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame


Systems Affected:
The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any Wi-Fi device that uses WPA2 is likely affected.

Mitigation:
1. Users are advised to install updates to affected devices as they become available, or to contact their vendors directly for update information.

Reference:
https://www.krackattacks.com/
http://www.kb.cert.org/vuls/id/228519

 
Bluetooth vulnerability - "BlueBorne"
Wednesday, 13 September 2017 21:19

Description:
Eight Bluetooth vulnerabilities, dubbed BlueBorne, affect the Bluetooth implementations in Android, iOS, Microsoft and Linux, impacting almost all Bluetooth device types, including smartphones, laptops, IoT devices and smart cars.
Three of these eight security flaws are rated critical, and according to researchers at Armis, the IoT security company that discovered BlueBorne, these vulnerabilities allow attackers to take over devices and execute malicious code, or to perform man-in-the-middle attacks and intercept Bluetooth communications. BlueBorne does not require devices to be paired with the malicious device, or even to be set in discoverable mode.

CVE Number:
CVE-2017-0781, CVE-2017-0782, CVE-2017-0783, and CVE-2017-0785 for Android devices;
CVE-2017-1000251 and CVE-2017-1000250 for Linux;
CVE-2017-14315 for iOS, and
CVE-2017-8628 on Windows.

Systems Affected:
Windows versions since Windows Vista are all affected. Windows Phone was not vulnerable to BlueBorne. Microsoft released patches in July for CVE-2017-8628; the details of the fixed vulnerability were provided in September's Patch Tuesday.

All Linux devices running BlueZ are affected by an information leak, while all Linux devices from version 3.3-rc1 (released in October 2011) are affected by a remote code execution flaw that can be exploited via Bluetooth. Samsung's Tizen OS, based on Linux, is also affected.

All iPhone, iPad and iPod touch devices with iOS 9.3.5 and lower, and AppleTV devices with version 7.2.2 and lower are affected, but the issue was patched in iOS 10.

Prevention:
1. Disable Bluetooth immediately. After applying the patch or update on your device, you should be able to turn Bluetooth on.
2. Users of Android devices can determine whether their device is vulnerable by downloading the BlueBorne Android App from the Google Play Store and using it to run a simple and quick check.

Reference:
https://www.bleepingcomputer.com/news/security/blueborne-vulnerabilities-impact-over-5-billion-bluetooth-enabled-devices/
https://arstechnica.com/information-technology/2017/09/bluetooth-bugs-open-billions-of-devices-to-attacks-no-clicking-required/

Last updated on Monday, 30 October 2017 12:22