AVG-447

Package: wpa_supplicant
Status: Fixed
Severity: High
Type: man-in-the-middle
Affected: 1:2.6-10
Fixed: 1:2.6-11
Current: 2:2.6-2 [core]
Ticket: None
Created: Mon Oct 16 12:28:04 2017

| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2017-13088 | High | Yes | Man-in-the-middle | A vulnerability has been discovered that allows reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep... |
| CVE-2017-13087 | High | Yes | Man-in-the-middle | A vulnerability has been discovered that allows reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame. |
| CVE-2017-13082 | High | Yes | Man-in-the-middle | A vulnerability has been discovered that allows accepting a retransmitted FT Reassociation Request and reinstalling the pairwise key (PTK) while processing it. |
| CVE-2017-13081 | High | Yes | Man-in-the-middle | A vulnerability has been discovered that allows reinstallation of the integrity group key (IGTK) in the group key handshake. |
| CVE-2017-13080 | High | Yes | Man-in-the-middle | A vulnerability has been discovered that allows reinstallation of the group key (GTK) in the group key handshake. |
| CVE-2017-13079 | High | Yes | Man-in-the-middle | A vulnerability has been discovered that allows reinstallation of the integrity group key (IGTK) in the 4-way handshake. |
| CVE-2017-13078 | High | Yes | Man-in-the-middle | A vulnerability has been discovered that allows reinstallation of the group key (GTK) in the 4-way handshake. |
| CVE-2017-13077 | High | Yes | Man-in-the-middle | A vulnerability has been discovered that allows reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake. |

| Date | Advisory | Package | Description |
|---|---|---|---|
| 16 Oct 2017 | ASA-201710-22 | wpa_supplicant | man-in-the-middle |

References
https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
https://papers.mathyvanhoef.com/ccs2017.pdf
https://www.kb.cert.org/vuls/id/228519
https://www.krackattacks.com/