wpa_supplicant

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description A utility providing key negotiation for WPA wireless networks
Version 1:2.6-11 [core]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-454 1:2.5-1 1:2.6-1 High Fixed
AVG-452 1:2.6-10 High Not affected
AVG-447 1:2.6-10 1:2.6-11 High Fixed
AVG-11 1:2.5-3 1:2.6-1 High Fixed FS#49196
Issue Group Severity Remote Type Description
CVE-2017-13088 AVG-447 High Yes Man-in-the-middle
A vulnerability has been discovered that allows reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep...
CVE-2017-13087 AVG-447 High Yes Man-in-the-middle
A vulnerability has been discovered that allows reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
CVE-2017-13086 AVG-454 High Yes Man-in-the-middle
A vulnerability has been discovered that allows reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake.
CVE-2017-13084 AVG-452 High Yes Man-in-the-middle
A vulnerability has been discovered that allows reinstallation of the short term key (STK) in the PeerKey handshake.
CVE-2017-13082 AVG-447 High Yes Man-in-the-middle
A vulnerability has been discovered that allows accepting a retransmitted FT Reassociation Request and reinstalling the pairwise key (PTK) while processing it.
CVE-2017-13081 AVG-447 High Yes Man-in-the-middle
A vulnerability has been discovered that allows reinstallation of the integrity group key (IGTK) in the group key handshake.
CVE-2017-13080 AVG-447 High Yes Man-in-the-middle
A vulnerability has been discovered that allows reinstallation of the group key (GTK) in the group key handshake.
CVE-2017-13079 AVG-447 High Yes Man-in-the-middle
A vulnerability has been discovered that allows reinstallation of the integrity group key (IGTK) in the 4-way handshake.
CVE-2017-13078 AVG-447 High Yes Man-in-the-middle
A vulnerability has been discovered that allows reinstallation of the group key (GTK) in the 4-way handshake.
CVE-2017-13077 AVG-447 High Yes Man-in-the-middle
A vulnerability has been discovered that allows reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake.
CVE-2016-4477 AVG-11 High No Privilege escalation
The local configuration update through the control interface SET_NETWORK command could allow privilege escalation for the local user to run code from a...
CVE-2016-4476 AVG-11 Low Yes Denial of service
A vulnerability was found in how hostapd and wpa_supplicant writes the configuration file update for the WPA/WPA2 passphrase parameter. If this parameter...

Advisories

Date Advisory Group Severity Description
16 Oct 2017 ASA-201710-22 AVG-447 High man-in-the-middle
08 Oct 2016 ASA-201610-7 AVG-11 High multiple issues