Synology-SA-17:60 KRACK

Publish Time: 2017-10-16 19:38:38 UTC+8

Last Updated: 2018-01-12 15:31:26 UTC+8

Severity
Important
Status
Resolved

Abstract

Multiple security vulnerabilities have been found in WPA2 protocol, and might allow man-in-the-middle attackers to hijack the entire network traffic through a vulnerable version of Synology DiskStation Manager (DSM) or Synology Router Manager (SRM).

These vulnerabilities do not affect Synology DiskStation Manager (DSM) on devices without a Wi-Fi dongle installed.

Severity

Affected

  • Products
    • DSM 6.1
    • DSM 6.0
    • DSM 5.2
    • SRM 1.1
  • Models
    • All Synology models

Description

  • CVE-2017-13077
    Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake.
  • CVE-2017-13078
    Reinstallation of the group key (GTK) in the 4-way handshake.
  • CVE-2017-13079
    Reinstallation of the integrity group key (IGTK) in the 4-way handshake.
  • CVE-2017-13080
    Reinstallation of the group key (GTK) in the group key handshake.
  • CVE-2017-13081
    Reinstallation of the integrity group key (IGTK) in the group key handshake.
  • CVE-2017-13082
    Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.
  • CVE-2017-13084
    Reinstallation of the STK key in the PeerKey handshake.
  • CVE-2017-13086
    Reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake.
  • CVE-2017-13087
    Reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
  • CVE-2017-13088
    Reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.

Mitigation

None

Update Availability

To fix the security issue, please update DSM 6.1 to 6.1.3-15152-8 or above, DSM6.0 to 6.0.3-8754-6 or above and SRM 1.1 to 1.1.5-6542-3 or above.

For DSM 5.2 please update DSM to 6.0.3-8754-6 or above.

Reference