Vulnerability CVE-2017-13079: Information

Description

Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.

Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2017-13079

Published: Oct. 17, 2017

Modified: Oct. 3, 2019

Error type identifier: CWE-330

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
hostapd	sisyphus	2.6-alt2	2.10-alt2	ALT-PU-2017-2440-1	190880	Fixed
hostapd	p10	2.6-alt2	2.10-alt2	ALT-PU-2017-2440-1	190880	Fixed
hostapd	p9	2.6-alt2	2.9-alt2	ALT-PU-2017-2440-1	190880	Fixed
hostapd	c10f1	2.6-alt2	2.10-alt2	ALT-PU-2017-2440-1	190880	Fixed
hostapd	c9f2	2.6-alt2	2.10-alt2	ALT-PU-2017-2440-1	190880	Fixed
wpa_supplicant	sisyphus	2.6-alt2	2.10-alt2	ALT-PU-2017-2441-1	190880	Fixed
wpa_supplicant	p10	2.6-alt2	2.10-alt2	ALT-PU-2017-2441-1	190880	Fixed
wpa_supplicant	p9	2.6-alt2	2.9-alt4	ALT-PU-2017-2441-1	190880	Fixed
wpa_supplicant	p8	2.6-alt1.M80P.1	2.6-alt1.M80P.1	ALT-PU-2017-2455-1	190972	Fixed
wpa_supplicant	c10f1	2.6-alt2	2.10-alt2	ALT-PU-2017-2441-1	190880	Fixed
wpa_supplicant	c9f2	2.6-alt2	2.10-alt2	ALT-PU-2017-2441-1	190880	Fixed
wpa_supplicant	c7	2.6-alt1.M70C.1	2.6-alt1.M70C.1	ALT-PU-2017-2445-1	190889	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://www.krackattacks.com/	Technical Description Third Party Advisory
VU#228519	Third Party Advisory US Government Resource
1039585	Third Party Advisory VDB Entry
1039581	Third Party Advisory VDB Entry
1039578	Third Party Advisory VDB Entry
1039577	Third Party Advisory VDB Entry
1039576	Third Party Advisory VDB Entry
1039573	Third Party Advisory VDB Entry
101274	Third Party Advisory VDB Entry
https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt	Third Party Advisory
20171016 Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II	Third Party Advisory
https://support.lenovo.com/us/en/product_security/LEN-17420	Third Party Advisory
FreeBSD-SA-17:07	Third Party Advisory
https://access.redhat.com/security/vulnerabilities/kracks	Third Party Advisory
USN-3455-1	Third Party Advisory
DSA-3999	Third Party Advisory
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt	Third Party Advisory
openSUSE-SU-2017:2755	Third Party Advisory
SUSE-SU-2017:2752	Third Party Advisory
SUSE-SU-2017:2745	Third Party Advisory
GLSA-201711-03
https://source.android.com/security/bulletin/2017-11-01
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03792en_us
https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf
https://cert.vde.com/en-us/advisories/vde-2017-005
[debian-lts-announce] 20181113 [SECURITY] [DLA 1573-1] firmware-nonfree security update

Affected configurations:
1. Configuration 1
  cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*
  cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*
  cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
  cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server:7:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_desktop:7:*:*:*:*:*:*:*
  cpe:2.3:o:freebsd:freebsd:11:*:*:*:*:*:*:*
  cpe:2.3:o:freebsd:freebsd:11.1:*:*:*:*:*:*:*
  cpe:2.3:o:freebsd:freebsd:10:*:*:*:*:*:*:*
  cpe:2.3:o:freebsd:freebsd:10.4:*:*:*:*:*:*:*
  
  Configuration 2
  cpe:2.3:a:w1.fi:hostapd:1.1:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:hostapd:2.4:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:hostapd:2.0:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:hostapd:0.7.3:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:2.3:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:2.1:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:2.2:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:hostapd:1.0:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:1.0:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:2.4:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:hostapd:2.3:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:hostapd:2.5:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:0.7.3:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:1.1:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:hostapd:2.2:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:hostapd:2.1:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:2.0:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:hostapd:2.6:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:hostapd:0.6.10:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:hostapd:0.6.9:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:hostapd:0.6.8:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:hostapd:0.5.11:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:hostapd:0.5.10:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:hostapd:0.5.9:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:hostapd:0.5.8:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:hostapd:0.5.7:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:hostapd:0.4.11:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:hostapd:0.4.10:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:hostapd:0.4.9:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:hostapd:0.4.8:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:hostapd:0.4.7:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:hostapd:0.3.11:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:hostapd:0.3.10:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:hostapd:0.3.9:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:hostapd:0.3.7:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:hostapd:0.2.8:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:hostapd:0.2.6:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:hostapd:0.2.5:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:hostapd:0.2.4:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:2.6:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:2.5:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:0.6.10:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:0.6.9:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:0.6.8:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:0.5.11:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:0.5.10:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:0.5.9:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:0.5.8:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:0.5.7:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:0.4.11:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:0.4.10:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:0.4.9:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:0.4.8:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:0.4.7:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:0.3.11:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:0.3.10:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:0.3.9:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:0.3.8:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:0.3.7:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:0.2.8:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:0.2.7:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:0.2.6:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:0.2.5:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:0.2.4:*:*:*:*:*:*:*
  
  Configuration 3
  cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*
  cpe:2.3:o:suse:linux_enterprise_desktop:12:sp2:*:*:*:*:*:*
  cpe:2.3:o:suse:openstack_cloud:6:*:*:*:*:*:*:*
  cpe:2.3:o:suse:linux_enterprise_desktop:12:sp3:*:*:*:*:*:*
  cpe:2.3:o:suse:linux_enterprise_server:12:*:*:*:ltss:*:*:*
  cpe:2.3:o:suse:linux_enterprise_point_of_sale:11:sp3:*:*:*:*:*:*
  cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:ltss:*:*

Version: v24.4.2

Vulnerability CVE-2017-13079: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1

Configuration 2

Configuration 3