Vulnerability BDU:2017-02270: Information
Description
A vulnerability in the WPA2 protocol related to errors in cryptographic key management (Tunneled Direct Link PeerKey) that allows access to encrypted information transmitted over a wireless network
Severity: HIGH (7.9) Vector: AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
hostapd | sisyphus | 2.6-alt2 | 2.10-alt2 | ALT-PU-2017-2440-1 | 190880 | Fixed |
hostapd | p10 | 2.6-alt2 | 2.10-alt2 | ALT-PU-2017-2440-1 | 190880 | Fixed |
hostapd | p9 | 2.6-alt2 | 2.9-alt2 | ALT-PU-2017-2440-1 | 190880 | Fixed |
hostapd | c10f1 | 2.6-alt2 | 2.10-alt2 | ALT-PU-2017-2440-1 | 190880 | Fixed |
hostapd | c9f2 | 2.6-alt2 | 2.10-alt2 | ALT-PU-2017-2440-1 | 190880 | Fixed |
hostapd | p11 | 2.6-alt2 | 2.10-alt2 | ALT-PU-2017-2440-1 | 190880 | Fixed |
wpa_supplicant | sisyphus | 2.6-alt2 | 2.10-alt2 | ALT-PU-2017-2441-1 | 190880 | Fixed |
wpa_supplicant | p10 | 2.6-alt2 | 2.10-alt2 | ALT-PU-2017-2441-1 | 190880 | Fixed |
wpa_supplicant | p9 | 2.6-alt2 | 2.9-alt4 | ALT-PU-2017-2441-1 | 190880 | Fixed |
wpa_supplicant | p8 | 2.6-alt1.M80P.1 | 2.6-alt1.M80P.1 | ALT-PU-2017-2455-1 | 190972 | Fixed |
wpa_supplicant | c10f1 | 2.6-alt2 | 2.10-alt2 | ALT-PU-2017-2441-1 | 190880 | Fixed |
wpa_supplicant | c9f2 | 2.6-alt2 | 2.10-alt2 | ALT-PU-2017-2441-1 | 190880 | Fixed |
wpa_supplicant | c7 | 2.6-alt1.M70C.1 | 2.6-alt1.M70C.1 | ALT-PU-2017-2445-1 | 190889 | Fixed |
wpa_supplicant | p11 | 2.6-alt2 | 2.10-alt2 | ALT-PU-2017-2441-1 | 190880 | Fixed |
References to Advisories, Solutions, and Tools
Vulnerability Status | Confirmed by the vendor |
Presence of an exploit | Exists |
Fix status | Vulnerability fixed |
Software Type | Operating system, network software, application software for information systems, software of network hardware-software appliances, firmware |
Solution | I. Update the software in accordance with the vendor's recommendations: Aruba Networks: http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt Cisco Systems Inc.: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa Espressif Systems: https://github.com/espressif/ESP8266_RTOS_SDK/commit/2fab9e23d779cdd6e5900b8ba2b588e30d9b08c4 Fortinet Inc.: http://docs.fortinet.com/uploaded/files/3961/fortiap-v5.6.1-release-notes.pdf FreeBSD Project: http://vuxml.freebsd.org/freebsd/d670a953-b2a1-11e7-a633-009c02a2ab30.html Jouni Malinen: https://w1.fi/security/2017-1/ Intel Corp.: https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00101&languageid=en-fr Microchip Technology: http://www.microchip.com/design-centers/wireless-connectivity/embedded-wi-fi/wpa2-protocol-vulnerability Microsoft Corp.: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080 Peplink: https://forum.peplink.com/t/security-advisory-krack-wpa2-vulnerability-vu-228519/12715 Sierra Wireless Inc.: https://source.sierrawireless.com/~/media/support_downloads/airlink/docs/technical%20bulletin/wpa_swi_summaryv4.ashx?la=en Ubiquiti Networks: https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v6-0-7-Has-Been-Released/ba-p/2056522 https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v8-4-0-Has-Been-Released/ba-p/2081100 Canonical Ltd.: https://usn.ubuntu.com/usn/usn-3455-1/ Watchguard Technologies Inc.: https://www.watchguard.com/wgrd-blog/wpa-and-wpa2-vulnerabilities-update Zyxel Communications Corp.: http://www.zyxel.com/support/announcement_wpa2_key_management.shtml II. Restrict access to the Wi-Fi device |
Sources | https://papers.mathyvanhoef.com/ccs2017.pdf https://www.kb.cert.org/vuls/id/228519 http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa https://github.com/espressif/ESP8266_RTOS_SDK/commit/2fab9e23d779cdd6e5900b8ba2b588e30d9b08c4 http://docs.fortinet.com/uploaded/files/3961/fortiap-v5.6.1-release-notes.pdf http://vuxml.freebsd.org/freebsd/d670a953-b2a1-11e7-a633-009c02a2ab30.html https://w1.fi/security/2017-1/ https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00101&languageid=en-fr http://www.microchip.com/design-centers/wireless-connectivity/embedded-wi-fi/wpa2-protocol-vulnerability https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080 https://forum.peplink.com/t/security-advisory-krack-wpa2-vulnerability-vu-228519/12715 https://source.sierrawireless.com/~/media/support_downloads/airlink/docs/technical%20bulletin/wpa_swi_summaryv4.ashx?la=en https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v6-0-7-Has-Been-Released/ba-p/2056522 https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v8-4-0-Has-Been-Released/ba-p/2081100 https://usn.ubuntu.com/usn/usn-3455-1/ https://www.watchguard.com/wgrd-blog/wpa-and-wpa2-vulnerabilities-update http://www.zyxel.com/support/announcement_wpa2_key_management.shtml |
Other system identifiers |