Vulnerability BDU:2017-02270: Information

Подтверждена производителем
Существует
Уязвимость устранена
Операционная система, Сетевое программное средство, Прикладное ПО информационных систем, ПО сетевого программно-аппаратного средства, Микропрограммный код
I. Обновление программного обеспечения в соответствии с рекомендациями разработчика:

Aruba Networks: http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt

Cisco Systems Inc.: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa

Espressif Systems: https://github.com/espressif/ESP8266_RTOS_SDK/commit/2fab9e23d779cdd6e5900b8ba2b588e30d9b08c4

Fortinet Inc.: http://docs.fortinet.com/uploaded/files/3961/fortiap-v5.6.1-release-notes.pdf

FreeBSD Project: http://vuxml.freebsd.org/freebsd/d670a953-b2a1-11e7-a633-009c02a2ab30.html

Jouni Malinen: https://w1.fi/security/2017-1/

Intel Corp.: https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00101&amp;languageid=en-fr

Microchip Technology: http://www.microchip.com/design-centers/wireless-connectivity/embedded-wi-fi/wpa2-protocol-vulnerability

Microsoft Corp.: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080

Peplink: https://forum.peplink.com/t/security-advisory-krack-wpa2-vulnerability-vu-228519/12715

Sierra Wireless Inc.: https://source.sierrawireless.com/~/media/support_downloads/airlink/docs/technical%20bulletin/wpa_swi_summaryv4.ashx?la=en

Ubiquiti Networks: https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v6-0-7-Has-Been-Released/ba-p/2056522 https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v8-4-0-Has-Been-Released/ba-p/2081100

Canonical Ltd.: https://usn.ubuntu.com/usn/usn-3455-1/

Watchguard Technologies Inc.: https://www.watchguard.com/wgrd-blog/wpa-and-wpa2-vulnerabilities-update

Zyxel Communications Corp.: http://www.zyxel.com/support/announcement_wpa2_key_management.shtml

II. Ограничение доступа к Wi-Fi-устройству
https://papers.mathyvanhoef.com/ccs2017.pdf
https://www.kb.cert.org/vuls/id/228519
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
https://github.com/espressif/ESP8266_RTOS_SDK/commit/2fab9e23d779cdd6e5900b8ba2b588e30d9b08c4
http://docs.fortinet.com/uploaded/files/3961/fortiap-v5.6.1-release-notes.pdf
http://vuxml.freebsd.org/freebsd/d670a953-b2a1-11e7-a633-009c02a2ab30.html
https://w1.fi/security/2017-1/
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00101&amp;languageid=en-fr
http://www.microchip.com/design-centers/wireless-connectivity/embedded-wi-fi/wpa2-protocol-vulnerability
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080
https://forum.peplink.com/t/security-advisory-krack-wpa2-vulnerability-vu-228519/12715
https://source.sierrawireless.com/~/media/support_downloads/airlink/docs/technical%20bulletin/wpa_swi_summaryv4.ashx?la=en
https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v6-0-7-Has-Been-Released/ba-p/2056522
https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v8-4-0-Has-Been-Released/ba-p/2081100
https://usn.ubuntu.com/usn/usn-3455-1/
https://www.watchguard.com/wgrd-blog/wpa-and-wpa2-vulnerabilities-update
http://www.zyxel.com/support/announcement_wpa2_key_management.shtml

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
hostapd	sisyphus	2.6-alt2	2.10-alt2	ALT-PU-2017-2440-1	190880	Fixed
hostapd	p10	2.6-alt2	2.10-alt2	ALT-PU-2017-2440-1	190880	Fixed
hostapd	p9	2.6-alt2	2.9-alt2	ALT-PU-2017-2440-1	190880	Fixed
hostapd	c10f1	2.6-alt2	2.10-alt2	ALT-PU-2017-2440-1	190880	Fixed
hostapd	c9f2	2.6-alt2	2.10-alt2	ALT-PU-2017-2440-1	190880	Fixed
hostapd	p11	2.6-alt2	2.10-alt2	ALT-PU-2017-2440-1	190880	Fixed
wpa_supplicant	sisyphus	2.6-alt2	2.10-alt2	ALT-PU-2017-2441-1	190880	Fixed
wpa_supplicant	p10	2.6-alt2	2.10-alt2	ALT-PU-2017-2441-1	190880	Fixed
wpa_supplicant	p9	2.6-alt2	2.9-alt4	ALT-PU-2017-2441-1	190880	Fixed
wpa_supplicant	p8	2.6-alt1.M80P.1	2.6-alt1.M80P.1	ALT-PU-2017-2455-1	190972	Fixed
wpa_supplicant	c10f1	2.6-alt2	2.10-alt2	ALT-PU-2017-2441-1	190880	Fixed
wpa_supplicant	c9f2	2.6-alt2	2.10-alt2	ALT-PU-2017-2441-1	190880	Fixed
wpa_supplicant	c7	2.6-alt1.M70C.1	2.6-alt1.M70C.1	ALT-PU-2017-2445-1	190889	Fixed
wpa_supplicant	p11	2.6-alt2	2.10-alt2	ALT-PU-2017-2441-1	190880	Fixed

Vulnerability Status	Подтверждена производителем
Presence of an exploit	Существует
Fix status	Уязвимость устранена
Software Type	Операционная система, Сетевое программное средство, Прикладное ПО информационных систем, ПО сетевого программно-аппаратного средства, Микропрограммный код
Solution	I. Обновление программного обеспечения в соответствии с рекомендациями разработчика: Aruba Networks: http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt Cisco Systems Inc.: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa Espressif Systems: https://github.com/espressif/ESP8266_RTOS_SDK/commit/2fab9e23d779cdd6e5900b8ba2b588e30d9b08c4 Fortinet Inc.: http://docs.fortinet.com/uploaded/files/3961/fortiap-v5.6.1-release-notes.pdf FreeBSD Project: http://vuxml.freebsd.org/freebsd/d670a953-b2a1-11e7-a633-009c02a2ab30.html Jouni Malinen: https://w1.fi/security/2017-1/ Intel Corp.: https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00101&languageid=en-fr Microchip Technology: http://www.microchip.com/design-centers/wireless-connectivity/embedded-wi-fi/wpa2-protocol-vulnerability Microsoft Corp.: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080 Peplink: https://forum.peplink.com/t/security-advisory-krack-wpa2-vulnerability-vu-228519/12715 Sierra Wireless Inc.: https://source.sierrawireless.com/~/media/support_downloads/airlink/docs/technical%20bulletin/wpa_swi_summaryv4.ashx?la=en Ubiquiti Networks: https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v6-0-7-Has-Been-Released/ba-p/2056522 https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v8-4-0-Has-Been-Released/ba-p/2081100 Canonical Ltd.: https://usn.ubuntu.com/usn/usn-3455-1/ Watchguard Technologies Inc.: https://www.watchguard.com/wgrd-blog/wpa-and-wpa2-vulnerabilities-update Zyxel Communications Corp.: http://www.zyxel.com/support/announcement_wpa2_key_management.shtml II. Ограничение доступа к Wi-Fi-устройству
Sources	https://papers.mathyvanhoef.com/ccs2017.pdf https://www.kb.cert.org/vuls/id/228519 http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa https://github.com/espressif/ESP8266_RTOS_SDK/commit/2fab9e23d779cdd6e5900b8ba2b588e30d9b08c4 http://docs.fortinet.com/uploaded/files/3961/fortiap-v5.6.1-release-notes.pdf http://vuxml.freebsd.org/freebsd/d670a953-b2a1-11e7-a633-009c02a2ab30.html https://w1.fi/security/2017-1/ https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00101&languageid=en-fr http://www.microchip.com/design-centers/wireless-connectivity/embedded-wi-fi/wpa2-protocol-vulnerability https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080 https://forum.peplink.com/t/security-advisory-krack-wpa2-vulnerability-vu-228519/12715 https://source.sierrawireless.com/~/media/support_downloads/airlink/docs/technical%20bulletin/wpa_swi_summaryv4.ashx?la=en https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v6-0-7-Has-Been-Released/ba-p/2056522 https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v8-4-0-Has-Been-Released/ba-p/2081100 https://usn.ubuntu.com/usn/usn-3455-1/ https://www.watchguard.com/wgrd-blog/wpa-and-wpa2-vulnerabilities-update http://www.zyxel.com/support/announcement_wpa2_key_management.shtml
Other system identifiers	CVE-2017-13086 USN-3455 CISCO-SA-20171016-wpa JSA ID:10827 INTEL-SA-00101 ARUBA-PSA-2017-007

Vulnerability BDU:2017-02270: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools