hostapd

Description: IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
Version: 2.6-7 [community]

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-453 | 2.5-1 | 2.6-1 | High | Fixed | |
| AVG-451 | 2.6-5 | | High | Not affected | |
| AVG-448 | 2.6-5 | 2.6-6 | High | Fixed | |
| AVG-10 | 2.5-2 | 2.6-1 | High | Fixed | FS#49196 |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2017-13088 | AVG-448 | High | Yes | Man-in-the-middle | A vulnerability has been discovered that allows reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep... |
| CVE-2017-13087 | AVG-448 | High | Yes | Man-in-the-middle | A vulnerability has been discovered that allows reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame. |
| CVE-2017-13086 | AVG-453 | High | Yes | Man-in-the-middle | A vulnerability has been discovered that allows reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake. |
| CVE-2017-13084 | AVG-451 | High | Yes | Man-in-the-middle | A vulnerability has been discovered that allows reinstallation of the short term key (STK) in the PeerKey handshake. |
| CVE-2017-13082 | AVG-448 | High | Yes | Man-in-the-middle | A vulnerability has been discovered that allows accepting a retransmitted FT Reassociation Request and reinstalling the pairwise key (PTK) while processing it. |
| CVE-2017-13081 | AVG-448 | High | Yes | Man-in-the-middle | A vulnerability has been discovered that allows reinstallation of the integrity group key (IGTK) in the group key handshake. |
| CVE-2017-13080 | AVG-448 | High | Yes | Man-in-the-middle | A vulnerability has been discovered that allows reinstallation of the group key (GTK) in the group key handshake. |
| CVE-2017-13079 | AVG-448 | High | Yes | Man-in-the-middle | A vulnerability has been discovered that allows reinstallation of the integrity group key (IGTK) in the 4-way handshake. |
| CVE-2017-13078 | AVG-448 | High | Yes | Man-in-the-middle | A vulnerability has been discovered that allows reinstallation of the group key (GTK) in the 4-way handshake. |
| CVE-2017-13077 | AVG-448 | High | Yes | Man-in-the-middle | A vulnerability has been discovered that allows reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake. |
| CVE-2016-4477 | AVG-10 | High | No | Privilege escalation | The local configuration update through the control interface SET_NETWORK command could allow privilege escalation for the local user to run code from a... |
| CVE-2016-4476 | AVG-10 | Low | Yes | Denial of service | A vulnerability was found in how hostapd and wpa_supplicant write the configuration file update for the WPA/WPA2 passphrase parameter. If this parameter... |

Advisories

| Date | Advisory | Group | Severity | Description |
|---|---|---|---|---|
| 16 Oct 2017 | ASA-201710-23 | AVG-448 | High | man-in-the-middle |
| 04 Oct 2016 | ASA-201610-3 | AVG-10 | High | multiple issues |