Vulnerability BDU:2017-02263: Information
Description
Уязвимость протокола WPA2, связанная с ошибками управления криптографическими ключами (pairwise key) и позволяющая получить доступ к зашифрованной информации, передаваемой по беспроводной сети
Severity: HIGH (7.9) Vector: AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| hostapd | sisyphus | 2.6-alt2 | 2.10-alt2 | ALT-PU-2017-2440-1 | 190880 | Fixed |
| hostapd | p10 | 2.6-alt2 | 2.10-alt2 | ALT-PU-2017-2440-1 | 190880 | Fixed |
| hostapd | p9 | 2.6-alt2 | 2.9-alt2 | ALT-PU-2017-2440-1 | 190880 | Fixed |
| hostapd | c10f1 | 2.6-alt2 | 2.10-alt2 | ALT-PU-2017-2440-1 | 190880 | Fixed |
| hostapd | c9f2 | 2.6-alt2 | 2.10-alt2 | ALT-PU-2017-2440-1 | 190880 | Fixed |
| hostapd | p11 | 2.6-alt2 | 2.10-alt2 | ALT-PU-2017-2440-1 | 190880 | Fixed |
| wpa_supplicant | sisyphus | 2.6-alt2 | 2.10-alt2 | ALT-PU-2017-2441-1 | 190880 | Fixed |
| wpa_supplicant | p10 | 2.6-alt2 | 2.10-alt2 | ALT-PU-2017-2441-1 | 190880 | Fixed |
| wpa_supplicant | p9 | 2.6-alt2 | 2.9-alt4 | ALT-PU-2017-2441-1 | 190880 | Fixed |
| wpa_supplicant | p8 | 2.6-alt1.M80P.1 | 2.6-alt1.M80P.1 | ALT-PU-2017-2455-1 | 190972 | Fixed |
| wpa_supplicant | c10f1 | 2.6-alt2 | 2.10-alt2 | ALT-PU-2017-2441-1 | 190880 | Fixed |
| wpa_supplicant | c9f2 | 2.6-alt2 | 2.10-alt2 | ALT-PU-2017-2441-1 | 190880 | Fixed |
| wpa_supplicant | c7 | 2.6-alt1.M70C.1 | 2.6-alt1.M70C.1 | ALT-PU-2017-2445-1 | 190889 | Fixed |
| wpa_supplicant | p11 | 2.6-alt2 | 2.10-alt2 | ALT-PU-2017-2441-1 | 190880 | Fixed |
References to Advisories, Solutions, and Tools
| Vulnerability Status | Подтверждена производителем |
| Presence of an exploit | Существует |
| Fix status | Уязвимость устранена |
| Software Type | Операционная система, Сетевое программное средство, ПО программно-аппаратного средства АСУ ТП, Прикладное ПО информационных систем, ПО сетевого программно-аппаратного средства, Микропрограммный код |
| Solution | I. Обновление программного обеспечения в соответствии с рекомендациями разработчика: Aruba Networks: http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt; Cisco Systems Inc.: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa; Espressif Systems: https://github.com/espressif/ESP8266_RTOS_SDK/commit/2fab9e23d779cdd6e5900b8ba2b588e30d9b08c4; Fortinet Inc.: http://docs.fortinet.com/uploaded/files/3961/fortiap-v5.6.1-release-notes.pdf; FreeBSD Project: http://vuxml.freebsd.org/freebsd/d670a953-b2a1-11e7-a633-009c02a2ab30.html; Jouni Malinen: https://w1.fi/security/2017-1/; Intel Corp.: https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00101&languageid=en-fr; Microchip Technology: http://www.microchip.com/design-centers/wireless-connectivity/embedded-wi-fi/wpa2-protocol-vulnerability; Microsoft Corp.: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080; Peplink: https://forum.peplink.com/t/security-advisory-krack-wpa2-vulnerability-vu-228519/12715; Sierra Wireless Inc.: https://source.sierrawireless.com/~/media/support_downloads/airlink/docs/technical%20bulletin/wpa_swi_summaryv4.ashx?la=en; Ubiquiti Networks: "https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v6-0-7-Has-Been-Released/ba-p/2056522; https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v8-4-0-Has-Been-Released/ba-p/2081100"; Canonical Ltd.: https://usn.ubuntu.com/usn/usn-3455-1/; Watchguard Technologies Inc.: https://www.watchguard.com/wgrd-blog/wpa-and-wpa2-vulnerabilities-update; Zyxel Communications Corp.: http://www.zyxel.com/support/announcement_wpa2_key_management.shtml II. Ограничение доступа к Wi-Fi-устройству III. Обновление программного обеспечения: Для RUGGEDCOM RX1400 с WLAN interface до V2.11.2: https://support.industry.siemens.com/my/WW/en/requests#createRequest Для SCALANCE W-700 (IEEE 802.11n) до V6.2.1: https://support.industry.siemens.com/cs/us/en/ps/21965/dl Для SCALANCE W1750D до V6.5.1.5-4.3.1.8: https://support.industry.siemens.com/cs/ww/en/view/109756771 Для SCALANCE WLC711 и SCALANCE WLC712 до V9.21.19.003: https://support.industry.siemens.com/cs/ww/en/view/109755170 Для SINAMICS V20 Smart Access Module до V01.03.01: https://support.industry.siemens.com/cs/ww/en/view/109765008 |
| Sources | https://papers.mathyvanhoef.com/ccs2017.pdf https://www.kb.cert.org/vuls/id/228519 http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa https://github.com/espressif/ESP8266_RTOS_SDK/commit/2fab9e23d779cdd6e5900b8ba2b588e30d9b08c4 http://docs.fortinet.com/uploaded/files/3961/fortiap-v5.6.1-release-notes.pdf http://vuxml.freebsd.org/freebsd/d670a953-b2a1-11e7-a633-009c02a2ab30.html https://w1.fi/security/2017-1/ https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00101&languageid=en-fr http://www.microchip.com/design-centers/wireless-connectivity/embedded-wi-fi/wpa2-protocol-vulnerability https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080 https://forum.peplink.com/t/security-advisory-krack-wpa2-vulnerability-vu-228519/12715 https://source.sierrawireless.com/~/media/support_downloads/airlink/docs/technical%20bulletin/wpa_swi_summaryv4.ashx?la=en https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v6-0-7-Has-Been-Released/ba-p/2056522 https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v8-4-0-Has-Been-Released/ba-p/2081100 https://usn.ubuntu.com/usn/usn-3455-1/ https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf https://www.watchguard.com/wgrd-blog/wpa-and-wpa2-vulnerabilities-update http://www.zyxel.com/support/announcement_wpa2_key_management.shtml |
| Other system identifiers |