CVE-2017-13081
First published: Tue Oct 17 2017(Updated: )
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.
Credit: cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Android | ||
| Canonical Ubuntu Linux | =14.04 | |
| Canonical Ubuntu Linux | =16.04 | |
| Canonical Ubuntu Linux | =17.04 | |
| Debian Debian Linux | =8.0 | |
| Debian Debian Linux | =9.0 | |
| FreeBSD FreeBSD | ||
| FreeBSD FreeBSD | =10 | |
| FreeBSD FreeBSD | =10.4 | |
| FreeBSD FreeBSD | =11 | |
| FreeBSD FreeBSD | =11.1 | |
| openSUSE Leap | =42.2 | |
| openSUSE Leap | =42.3 | |
| Redhat Enterprise Linux Desktop | =7 | |
| Redhat Enterprise Linux Server | =7 | |
| W1.fi Hostapd | =0.2.4 | |
| W1.fi Hostapd | =0.2.5 | |
| W1.fi Hostapd | =0.2.6 | |
| W1.fi Hostapd | =0.2.8 | |
| W1.fi Hostapd | =0.3.7 | |
| W1.fi Hostapd | =0.3.9 | |
| W1.fi Hostapd | =0.3.10 | |
| W1.fi Hostapd | =0.3.11 | |
| W1.fi Hostapd | =0.4.7 | |
| W1.fi Hostapd | =0.4.8 | |
| W1.fi Hostapd | =0.4.9 | |
| W1.fi Hostapd | =0.4.10 | |
| W1.fi Hostapd | =0.4.11 | |
| W1.fi Hostapd | =0.5.7 | |
| W1.fi Hostapd | =0.5.8 | |
| W1.fi Hostapd | =0.5.9 | |
| W1.fi Hostapd | =0.5.10 | |
| W1.fi Hostapd | =0.5.11 | |
| W1.fi Hostapd | =0.6.8 | |
| W1.fi Hostapd | =0.6.9 | |
| W1.fi Hostapd | =0.6.10 | |
| W1.fi Hostapd | =0.7.3 | |
| W1.fi Hostapd | =1.0 | |
| W1.fi Hostapd | =1.1 | |
| W1.fi Hostapd | =2.0 | |
| W1.fi Hostapd | =2.1 | |
| W1.fi Hostapd | =2.2 | |
| W1.fi Hostapd | =2.3 | |
| W1.fi Hostapd | =2.4 | |
| W1.fi Hostapd | =2.5 | |
| W1.fi Hostapd | =2.6 | |
| W1.fi Wpa Supplicant | =0.2.4 | |
| W1.fi Wpa Supplicant | =0.2.5 | |
| W1.fi Wpa Supplicant | =0.2.6 | |
| W1.fi Wpa Supplicant | =0.2.7 | |
| W1.fi Wpa Supplicant | =0.2.8 | |
| W1.fi Wpa Supplicant | =0.3.7 | |
| W1.fi Wpa Supplicant | =0.3.8 | |
| W1.fi Wpa Supplicant | =0.3.9 | |
| W1.fi Wpa Supplicant | =0.3.10 | |
| W1.fi Wpa Supplicant | =0.3.11 | |
| W1.fi Wpa Supplicant | =0.4.7 | |
| W1.fi Wpa Supplicant | =0.4.8 | |
| W1.fi Wpa Supplicant | =0.4.9 | |
| W1.fi Wpa Supplicant | =0.4.10 | |
| W1.fi Wpa Supplicant | =0.4.11 | |
| W1.fi Wpa Supplicant | =0.5.7 | |
| W1.fi Wpa Supplicant | =0.5.8 | |
| W1.fi Wpa Supplicant | =0.5.9 | |
| W1.fi Wpa Supplicant | =0.5.10 | |
| W1.fi Wpa Supplicant | =0.5.11 | |
| W1.fi Wpa Supplicant | =0.6.8 | |
| W1.fi Wpa Supplicant | =0.6.9 | |
| W1.fi Wpa Supplicant | =0.6.10 | |
| W1.fi Wpa Supplicant | =0.7.3 | |
| W1.fi Wpa Supplicant | =1.0 | |
| W1.fi Wpa Supplicant | =1.1 | |
| W1.fi Wpa Supplicant | =2.0 | |
| W1.fi Wpa Supplicant | =2.1 | |
| W1.fi Wpa Supplicant | =2.2 | |
| W1.fi Wpa Supplicant | =2.3 | |
| W1.fi Wpa Supplicant | =2.4 | |
| W1.fi Wpa Supplicant | =2.5 | |
| W1.fi Wpa Supplicant | =2.6 | |
| SUSE Linux Enterprise Desktop | =12-sp2 | |
| SUSE Linux Enterprise Desktop | =12-sp3 | |
| SUSE Linux Enterprise Point of Sale | =11-sp3 | |
| Suse Linux Enterprise Server Ltss | =11-sp3 | |
| SUSE Linux Enterprise Server | =11-sp4 | |
| SUSE Linux Enterprise Server | =12 | |
| SUSE OpenStack Cloud | =6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://source.android.com//android.googlesource.com/platform/external/wpa_supplicant_8/+/10bfd644d0adaf334c036f8cda91a73984dbb7b9
- https://source.android.com/docs/security/bulletin/2017-11-01 (Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html
- http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html
- http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
- http://www.debian.org/security/2017/dsa-3999
- http://www.kb.cert.org/vuls/id/228519
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.securityfocus.com/bid/101274
- http://www.securitytracker.com/id/1039573
- http://www.securitytracker.com/id/1039576
- http://www.securitytracker.com/id/1039577
- http://www.securitytracker.com/id/1039578
- http://www.securitytracker.com/id/1039581
- http://www.securitytracker.com/id/1039585
- http://www.ubuntu.com/usn/USN-3455-1
- https://access.redhat.com/security/vulnerabilities/kracks
- https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf
- https://cert.vde.com/en-us/advisories/vde-2017-005
- https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html
- https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc
- https://security.gentoo.org/glsa/201711-03
- https://source.android.com/security/bulletin/2017-11-01
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03792en_us
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
- https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
- https://www.krackattacks.com/
- agent/weakness
- agent/references
- agent/type
- agent/author
- agent/severity
- agent/description
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- agent/tags
- agent/event
- collector/android-source
- source/Android
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/trending
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/14.04
- version/canonical ubuntu linux/16.04
- version/canonical ubuntu linux/17.04
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0
- version/debian debian linux/9.0
- vendor/freebsd
- canonical/freebsd freebsd
- version/freebsd freebsd/10
- version/freebsd freebsd/10.4
- version/freebsd freebsd/11
- version/freebsd freebsd/11.1
- vendor/opensuse
- canonical/opensuse leap
- version/opensuse leap/42.2
- version/opensuse leap/42.3
- vendor/redhat
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/7
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/7
- vendor/w1.fi
- canonical/w1.fi hostapd
- version/w1.fi hostapd/0.2.4
- version/w1.fi hostapd/0.2.5
- version/w1.fi hostapd/0.2.6
- version/w1.fi hostapd/0.2.8
- version/w1.fi hostapd/0.3.7
- version/w1.fi hostapd/0.3.9
- version/w1.fi hostapd/0.3.10
- version/w1.fi hostapd/0.3.11
- version/w1.fi hostapd/0.4.7
- version/w1.fi hostapd/0.4.8
- version/w1.fi hostapd/0.4.9
- version/w1.fi hostapd/0.4.10
- version/w1.fi hostapd/0.4.11
- version/w1.fi hostapd/0.5.7
- version/w1.fi hostapd/0.5.8
- version/w1.fi hostapd/0.5.9
- version/w1.fi hostapd/0.5.10
- version/w1.fi hostapd/0.5.11
- version/w1.fi hostapd/0.6.8
- version/w1.fi hostapd/0.6.9
- version/w1.fi hostapd/0.6.10
- version/w1.fi hostapd/0.7.3
- version/w1.fi hostapd/1.0
- version/w1.fi hostapd/1.1
- version/w1.fi hostapd/2.0
- version/w1.fi hostapd/2.1
- version/w1.fi hostapd/2.2
- version/w1.fi hostapd/2.3
- version/w1.fi hostapd/2.4
- version/w1.fi hostapd/2.5
- version/w1.fi hostapd/2.6
- canonical/w1.fi wpa supplicant
- version/w1.fi wpa supplicant/0.2.4
- version/w1.fi wpa supplicant/0.2.5
- version/w1.fi wpa supplicant/0.2.6
- version/w1.fi wpa supplicant/0.2.7
- version/w1.fi wpa supplicant/0.2.8
- version/w1.fi wpa supplicant/0.3.7
- version/w1.fi wpa supplicant/0.3.8
- version/w1.fi wpa supplicant/0.3.9
- version/w1.fi wpa supplicant/0.3.10
- version/w1.fi wpa supplicant/0.3.11
- version/w1.fi wpa supplicant/0.4.7
- version/w1.fi wpa supplicant/0.4.8
- version/w1.fi wpa supplicant/0.4.9
- version/w1.fi wpa supplicant/0.4.10
- version/w1.fi wpa supplicant/0.4.11
- version/w1.fi wpa supplicant/0.5.7
- version/w1.fi wpa supplicant/0.5.8
- version/w1.fi wpa supplicant/0.5.9
- version/w1.fi wpa supplicant/0.5.10
- version/w1.fi wpa supplicant/0.5.11
- version/w1.fi wpa supplicant/0.6.8
- version/w1.fi wpa supplicant/0.6.9
- version/w1.fi wpa supplicant/0.6.10
- version/w1.fi wpa supplicant/0.7.3
- version/w1.fi wpa supplicant/1.0
- version/w1.fi wpa supplicant/1.1
- version/w1.fi wpa supplicant/2.0
- version/w1.fi wpa supplicant/2.1
- version/w1.fi wpa supplicant/2.2
- version/w1.fi wpa supplicant/2.3
- version/w1.fi wpa supplicant/2.4
- version/w1.fi wpa supplicant/2.5
- version/w1.fi wpa supplicant/2.6
- vendor/suse
- canonical/suse linux enterprise desktop
- version/suse linux enterprise desktop/12-sp2
- version/suse linux enterprise desktop/12-sp3
- canonical/suse linux enterprise point of sale
- version/suse linux enterprise point of sale/11-sp3
- canonical/suse linux enterprise server ltss
- version/suse linux enterprise server ltss/11-sp3
- canonical/suse linux enterprise server
- version/suse linux enterprise server/11-sp4
- version/suse linux enterprise server/12
- canonical/suse openstack cloud
- version/suse openstack cloud/6
- vendor/google
- canonical/google android