Vulnerability CVE-2017-13087: Information

Description

Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.

Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2017-13087
Published: Oct. 17, 2017
Modified: Oct. 3, 2019
Error type identifier: CWE-330

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
hostapdsisyphus2.6-alt22.10-alt2ALT-PU-2017-2440-1190880Fixed
hostapdp102.6-alt22.10-alt2ALT-PU-2017-2440-1190880Fixed
hostapdp92.6-alt22.9-alt2ALT-PU-2017-2440-1190880Fixed
hostapdc10f12.6-alt22.10-alt2ALT-PU-2017-2440-1190880Fixed
hostapdc9f22.6-alt22.10-alt2ALT-PU-2017-2440-1190880Fixed
wpa_supplicantsisyphus2.6-alt22.10-alt2ALT-PU-2017-2441-1190880Fixed
wpa_supplicantp102.6-alt22.10-alt2ALT-PU-2017-2441-1190880Fixed
wpa_supplicantp92.6-alt22.9-alt4ALT-PU-2017-2441-1190880Fixed
wpa_supplicantp82.6-alt1.M80P.12.6-alt1.M80P.1ALT-PU-2017-2455-1190972Fixed
wpa_supplicantc10f12.6-alt22.10-alt2ALT-PU-2017-2441-1190880Fixed
wpa_supplicantc9f22.6-alt22.10-alt2ALT-PU-2017-2441-1190880Fixed
wpa_supplicantc72.6-alt1.M70C.12.6-alt1.M70C.1ALT-PU-2017-2445-1190889Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://www.krackattacks.com/
  • Technical Description
  • Third Party Advisory
VU#228519
  • Third Party Advisory
  • US Government Resource
1039581
  • Third Party Advisory
  • VDB Entry
1039578
  • Third Party Advisory
  • VDB Entry
1039577
  • Third Party Advisory
  • VDB Entry
1039576
  • Third Party Advisory
  • VDB Entry
1039573
  • Third Party Advisory
  • VDB Entry
101274
  • Third Party Advisory
  • VDB Entry
https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
  • Third Party Advisory
20171016 Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II
  • Third Party Advisory
https://support.lenovo.com/us/en/product_security/LEN-17420
  • Third Party Advisory
FreeBSD-SA-17:07
  • Third Party Advisory
https://access.redhat.com/security/vulnerabilities/kracks
  • Third Party Advisory
RHSA-2017:2911
  • Third Party Advisory
RHSA-2017:2907
  • Third Party Advisory
USN-3455-1
  • Third Party Advisory
DSA-3999
  • Third Party Advisory
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
  • Third Party Advisory
openSUSE-SU-2017:2755
  • Third Party Advisory
SUSE-SU-2017:2752
  • Third Party Advisory
SUSE-SU-2017:2745
  • Third Party Advisory
GLSA-201711-03
    https://source.android.com/security/bulletin/2017-11-01
      https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf
        https://cert.vde.com/en-us/advisories/vde-2017-005

            1. Configuration 1

              cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
              cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*
              cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
              cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
              cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*
              cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
              cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
              cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*
              cpe:2.3:o:redhat:enterprise_linux_server:7:*:*:*:*:*:*:*
              cpe:2.3:o:redhat:enterprise_linux_desktop:7:*:*:*:*:*:*:*
              cpe:2.3:o:freebsd:freebsd:11:*:*:*:*:*:*:*
              cpe:2.3:o:freebsd:freebsd:11.1:*:*:*:*:*:*:*
              cpe:2.3:o:freebsd:freebsd:10:*:*:*:*:*:*:*
              cpe:2.3:o:freebsd:freebsd:10.4:*:*:*:*:*:*:*

              Configuration 2

              cpe:2.3:a:w1.fi:hostapd:1.1:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:hostapd:2.4:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:hostapd:2.0:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:hostapd:0.7.3:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:wpa_supplicant:2.3:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:wpa_supplicant:2.1:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:wpa_supplicant:2.2:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:hostapd:1.0:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:wpa_supplicant:1.0:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:wpa_supplicant:2.4:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:hostapd:2.3:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:hostapd:2.5:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:wpa_supplicant:0.7.3:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:wpa_supplicant:1.1:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:hostapd:2.2:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:hostapd:2.1:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:wpa_supplicant:2.0:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:hostapd:2.6:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:hostapd:0.6.10:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:hostapd:0.6.9:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:hostapd:0.6.8:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:hostapd:0.5.11:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:hostapd:0.5.10:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:hostapd:0.5.9:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:hostapd:0.5.8:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:hostapd:0.5.7:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:hostapd:0.4.11:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:hostapd:0.4.10:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:hostapd:0.4.9:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:hostapd:0.4.8:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:hostapd:0.4.7:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:hostapd:0.3.11:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:hostapd:0.3.10:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:hostapd:0.3.9:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:hostapd:0.3.7:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:hostapd:0.2.8:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:hostapd:0.2.6:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:hostapd:0.2.5:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:hostapd:0.2.4:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:wpa_supplicant:2.6:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:wpa_supplicant:2.5:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:wpa_supplicant:0.6.10:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:wpa_supplicant:0.6.9:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:wpa_supplicant:0.6.8:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:wpa_supplicant:0.5.11:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:wpa_supplicant:0.5.10:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:wpa_supplicant:0.5.9:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:wpa_supplicant:0.5.8:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:wpa_supplicant:0.5.7:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:wpa_supplicant:0.4.11:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:wpa_supplicant:0.4.10:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:wpa_supplicant:0.4.9:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:wpa_supplicant:0.4.8:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:wpa_supplicant:0.4.7:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:wpa_supplicant:0.3.11:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:wpa_supplicant:0.3.10:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:wpa_supplicant:0.3.9:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:wpa_supplicant:0.3.8:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:wpa_supplicant:0.3.7:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:wpa_supplicant:0.2.8:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:wpa_supplicant:0.2.7:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:wpa_supplicant:0.2.6:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:wpa_supplicant:0.2.5:*:*:*:*:*:*:*
              cpe:2.3:a:w1.fi:wpa_supplicant:0.2.4:*:*:*:*:*:*:*

              Configuration 3

              cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*
              cpe:2.3:o:suse:linux_enterprise_desktop:12:sp2:*:*:*:*:*:*
              cpe:2.3:o:suse:openstack_cloud:6:*:*:*:*:*:*:*
              cpe:2.3:o:suse:linux_enterprise_desktop:12:sp3:*:*:*:*:*:*
              cpe:2.3:o:suse:linux_enterprise_server:12:*:*:*:ltss:*:*:*
              cpe:2.3:o:suse:linux_enterprise_point_of_sale:11:sp3:*:*:*:*:*:*
              cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:ltss:*:*
          VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
          Version: v24.5.0
          Back to top