VARIoT IoT vulnerabilities database

Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients. An attacker within range of an affected AP and client may leverage these vulnerabilities to conduct attacks that are dependent on the data confidentiality protocols being used. Attacks may include arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast and group-addressed frames. These vulnerabilities are referred to as Key Reinstallation Attacks or "KRACK" attacks. WPA (Wi-Fi Protected Access) is a system that protects wireless computer networks (Wi-Fi). There is an IGTK group key reloading vulnerability in the fourth handshake of the WPA2 wireless network. WPA2 is prone to multiple security weaknesses. Exploiting these issues may allow an unauthorized user to intercept and manipulate data or disclose sensitive information. Those vulnerabilities applies to both the access point (implemented in hostapd) and the station (implemented in wpa_supplicant). An attacker exploiting the vulnerabilities could force the vulnerable system to reuse cryptographic session keys, enabling a range of cryptographic attacks against the ciphers used in WPA1 and WPA2. For the stable distribution (stretch), these problems have been fixed in version 2:2.4-1+deb9u1. For the testing distribution (buster), these problems have been fixed in version 2:2.4-1.1. For the unstable distribution (sid), these problems have been fixed in version 2:2.4-1.1. We recommend that you upgrade your wpa packages. ========================================================================== Ubuntu Security Notice USN-3455-1 October 16, 2017 wpa vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 17.04 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in wpa_supplicant. Software Description: - wpa: client support for WPA and WPA2 Details: Mathy Vanhoef discovered that wpa_supplicant and hostapd incorrectly handled WPA2. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088) Imre Rad discovered that wpa_supplicant and hostapd incorrectly handled invalid characters in passphrase parameters. A remote attacker could use this issue to cause a denial of service. (CVE-2016-4476) Imre Rad discovered that wpa_supplicant and hostapd incorrectly handled invalid characters in passphrase parameters. A local attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2016-4477) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 17.04: hostapd 2.4-0ubuntu9.1 wpasupplicant 2.4-0ubuntu9.1 Ubuntu 16.04 LTS: hostapd 2.4-0ubuntu6.2 wpasupplicant 2.4-0ubuntu6.2 Ubuntu 14.04 LTS: hostapd 2.1-0ubuntu1.5 wpasupplicant 2.1-0ubuntu1.5 After a standard system update you need to reboot your computer to make all the necessary changes. References: https://www.ubuntu.com/usn/usn-3455-1 CVE-2016-4476, CVE-2016-4477, CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088 Package Information: https://launchpad.net/ubuntu/+source/wpa/2.4-0ubuntu9.1 https://launchpad.net/ubuntu/+source/wpa/2.4-0ubuntu6.2 https://launchpad.net/ubuntu/+source/wpa/2.1-0ubuntu1.5 . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201711-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: hostapd and wpa_supplicant: Key Reinstallation (KRACK) attacks Date: November 10, 2017 Bugs: #634436, #634438 ID: 201711-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A flaw was discovered in the 4-way handshake in hostapd and wpa_supplicant that allows attackers to conduct a Man in the Middle attack. Background ========== wpa_supplicant is a WPA Supplicant with support for WPA and WPA2 (IEEE 802.11i / RSN). Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-wireless/hostapd < 2.6-r1 >= 2.6-r1 2 net-wireless/wpa_supplicant < 2.6-r3 >= 2.6-r3 ------------------------------------------------------------------- 2 affected packages Description =========== WiFi Protected Access (WPA and WPA2) and it's associated technologies are all vulnerable to the KRACK attacks. Please review the referenced CVE identifiers for details. Impact ====== An attacker can carry out the KRACK attacks on a wireless network in order to gain access to network clients. Once achieved, the attacker can potentially harvest confidential information (e.g. HTTP/HTTPS), inject malware, or perform a myriad of other attacks. Workaround ========== There is no known workaround at this time. Resolution ========== All hostapd users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-wireless/hostapd-2.6-r1" All wpa_supplicant users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=net-wireless/wpa_supplicant-2.6-r3" References ========== [ 1 ] CVE-2017-13077 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13077 [ 2 ] CVE-2017-13078 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13078 [ 3 ] CVE-2017-13079 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13079 [ 4 ] CVE-2017-13080 . Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/wpa_supplicant-2.6-i586-1_slack14.2.txz: Upgraded. This update includes patches to mitigate the WPA2 protocol issues known as "KRACK" (Key Reinstallation AttaCK), which may be used to decrypt data, hijack TCP connections, and to forge and inject packets. This is the list of vulnerabilities that are addressed here: CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake. CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it. CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake. CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake. For more information, see: https://www.krackattacks.com/ https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13084 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/wpa_supplicant-2.6-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/wpa_supplicant-2.6-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/wpa_supplicant-2.6-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/wpa_supplicant-2.6-x86_64-1_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/wpa_supplicant-2.6-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/wpa_supplicant-2.6-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/wpa_supplicant-2.6-i586-2.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/wpa_supplicant-2.6-x86_64-2.txz MD5 signatures: +-------------+ Slackware 14.0 package: d8ecfaadb50b3547967ab53733ffc019 wpa_supplicant-2.6-i486-1_slack14.0.txz Slackware x86_64 14.0 package: f25216d28800504ce498705da7c9a825 wpa_supplicant-2.6-x86_64-1_slack14.0.txz Slackware 14.1 package: 15c61050e4bab2581757befd86be74c0 wpa_supplicant-2.6-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 49fd537a520338744f7757615556d352 wpa_supplicant-2.6-x86_64-1_slack14.1.txz Slackware 14.2 package: c5539f40c8510af89be92945f0f80185 wpa_supplicant-2.6-i586-1_slack14.2.txz Slackware x86_64 14.2 package: 4c527ff84fcdfd7839f217bbce2e4ae4 wpa_supplicant-2.6-x86_64-1_slack14.2.txz Slackware -current package: 28bd88a54e96368f7a7020c1f5fb67fe n/wpa_supplicant-2.6-i586-2.txz Slackware x86_64 -current package: 464fc6b48d1ac077f47e9a3a8534c160 n/wpa_supplicant-2.6-x86_64-2.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg wpa_supplicant-2.6-i586-1_slack14.2.txz +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-17:07.wpa Security Advisory The FreeBSD Project Topic: WPA2 protocol vulnerability Category: contrib Module: wpa Announced: 2017-10-16 Credits: Mathy Vanhoef Affects: All supported versions of FreeBSD. Corrected: 2017-10-17 17:30:18 UTC (stable/11, 11.1-STABLE) 2017-10-17 17:57:18 UTC (releng/11.1, 11.1-RELEASE-p2) 2017-10-17 17:56:03 UTC (releng/11.0, 11.0-RELEASE-p13) 2017-10-19 03:18:22 UTC (stable/10, 10.4-STABLE) 2017-10-19 03:20:17 UTC (releng/10.4, 10.4-RELEASE-p1) 2017-10-19 03:19:42 UTC (releng/10.3, 10.3-RELEASE-p22) CVE Name: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>. 0. Revision history v1.0 2017-10-17 Initial release. v1.1 2017-10-19 Add patches for 10.x releases. I. hostapd and wpa_supplicant are implementations of user space daemon for access points and wireless client that implements the WPA2 protocol. II. Problem Description A vulnerability was found in how a number of implementations can be triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by replaying a specific frame that is used to manage the keys. III. Impact Such reinstallation of the encryption key can result in two different types of vulnerabilities: disabling replay protection and significantly reducing the security of encryption to the point of allowing frames to be decrypted or some parts of the keys to be determined by an attacker depending on which cipher is used. IV. Workaround An updated version of wpa_supplicant is available in the FreeBSD Ports Collection. Install version 2.6_2 or later of the security/wpa_supplicant port/pkg. Once installed, update /etc/rc.conf to use the new binary: wpa_supplicant_program="/usr/local/sbin/wpa_supplicant" and restart networking. An updated version of hostapd is available in the FreeBSD Ports Collection. Install version 2.6_1 or later of the net/hostapd port/pkg. Once installed, update /etc/rc.conf to use the new binary: hostapd_program="/usr/local/sbin/hostapd" and restart hostapd. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. Restart the Wi-Fi network interfaces/hostapd or reboot the system. 2) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install Restart the Wi-Fi network interfaces/hostapd or reboot the system. 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 11.0-RELEASE, 11.1-RELEASE, and 11-STABLE] # fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-11.patch # fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-11.patch.asc # gpg --verify wpa-11.patch.asc [FreeBSD 10.3-RELEASE, 10.4-RELEASE, and 10-STABLE] # fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-10.patch # fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-10.patch.asc # gpg --verify wpa-10.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. Restart the applicable daemons, or reboot the system. VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/11/ r324697 releng/11.0/ r324698 releng/11.1/ r324699 stable/10/ r324739 releng/10.3/ r324740 releng/10.4/ r324741 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: <URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> VII. References <URL:https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt> <URL:https://www.krackattacks.com/> The latest revision of this advisory is available at <URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc> -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEHPf/b631yp++G4yy7Wfs1l3PaucFAlnoGpNfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDFD RjdGRjZGQURGNUNBOUZCRTFCOENCMkVENjdFQ0Q2NURDRjZBRTcACgkQ7Wfs1l3P auc7WBAAm27w+fujv5sJsRxauUMopTVtRh5utwbDuoHTP+L+RCWmQfVBmueNQ0gf uJzMNxBIkbtY9LvyukpRsH3iD7mh26c0pd9rxxkkr4F96C9B5+W0amxJF1gdm54/ F/50FpY+lo7cNs5tiBjypPrg8UOBBI/1G4XR7130XC0HjaTwt1ngZ0oQUWUMSsIp gN5ZfPul81WPWd1NqF+vyObcJhwq/Y1uoexoO27o7GQCFZoL3enZy8c4f1xqMlVM 4HHkTgNGac6E0aW+ArH4J0DFFAOJXPqF8rdt+9XINfoBbtliIyOixJ4oh1n6eAR0 VpBWZKFNyXSlUKIvDGa+LDhxgL1jJXV0ABSyKlUOijdmr3bbbiQE9MW/MNv2AFTd OAFQ0QQtm9KCWp5JLh+FPIb/kR2l7MOUP+yz4zFcJpdGtl9tDLyPN8vRTq60bY8O y7tBcf/SMqkd/AIFdchL4zrOguKnRARydIlwTarp8wtAQI3MKSsa1B0wgsDtlL6K xfdjnwWMKvKKlNOW16e1WXXO0n/ucHV4njBE+bGPro3jLgXP2/WFZpIGAR3I4xrr SdD4AxSNiR9f3bL7LRfMIbugJAylWNSlTLWUOVUv0/ONh85LqbcCj13NI230B64K ETx2QOZgKnCs2oDNiw4aQHb7kvi2w94Iw/R1sAPkkxYJWO3reyE= =h/5q -----END PGP SIGNATURE-----

Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. Wi-Fi Protected Access (WPA, more commonly WPA2) handshake traffic can be manipulated to induce nonce and session key reuse, resulting in key reinstallation by a wireless access point (AP) or client. An attacker within range of an affected AP and client may leverage these vulnerabilities to conduct attacks that are dependent on the data confidentiality protocols being used. Attacks may include arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast and group-addressed frames. These vulnerabilities are referred to as Key Reinstallation Attacks or "KRACK" attacks. WPA (Wi-Fi Protected Access) is a system that protects wireless computer networks (Wi-Fi). The PTK-TK encryption key reloading vulnerability exists when the WPA2 wireless network receives and processes the retransmitted fast BSS transition reassociation request. WPA2 is prone to multiple security weaknesses. Exploiting these issues may allow an unauthorized user to intercept and manipulate data or disclose sensitive information. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: wpa_supplicant security update Advisory ID: RHSA-2017:2907-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2017:2907 Issue date: 2017-10-17 CVE Names: CVE-2017-13077 CVE-2017-13078 CVE-2017-13080 CVE-2017-13082 CVE-2017-13086 CVE-2017-13087 CVE-2017-13088 ===================================================================== 1. Summary: An update for wpa_supplicant is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088) Red Hat would like to thank CERT for reporting these issues. Upstream acknowledges Mathy Vanhoef (University of Leuven) as the original reporter of these issues. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1491692 - CVE-2017-13077 wpa_supplicant: Reinstallation of the pairwise key in the 4-way handshake 1491693 - CVE-2017-13078 wpa_supplicant: Reinstallation of the group key in the 4-way handshake 1491696 - CVE-2017-13080 wpa_supplicant: Reinstallation of the group key in the group key handshake 1491698 - CVE-2017-13082 wpa_supplicant: Accepting a retransmitted FT Reassociation Request and reinstalling the pairwise key while processing it 1500302 - CVE-2017-13086 wpa_supplicant: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake 1500303 - CVE-2017-13087 wpa_supplicant: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame 1500304 - CVE-2017-13088 wpa_supplicant: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: wpa_supplicant-2.6-5.el7_4.1.src.rpm x86_64: wpa_supplicant-2.6-5.el7_4.1.x86_64.rpm wpa_supplicant-debuginfo-2.6-5.el7_4.1.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: wpa_supplicant-2.6-5.el7_4.1.src.rpm x86_64: wpa_supplicant-2.6-5.el7_4.1.x86_64.rpm wpa_supplicant-debuginfo-2.6-5.el7_4.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: wpa_supplicant-2.6-5.el7_4.1.src.rpm aarch64: wpa_supplicant-2.6-5.el7_4.1.aarch64.rpm wpa_supplicant-debuginfo-2.6-5.el7_4.1.aarch64.rpm ppc64: wpa_supplicant-2.6-5.el7_4.1.ppc64.rpm wpa_supplicant-debuginfo-2.6-5.el7_4.1.ppc64.rpm ppc64le: wpa_supplicant-2.6-5.el7_4.1.ppc64le.rpm wpa_supplicant-debuginfo-2.6-5.el7_4.1.ppc64le.rpm s390x: wpa_supplicant-2.6-5.el7_4.1.s390x.rpm wpa_supplicant-debuginfo-2.6-5.el7_4.1.s390x.rpm x86_64: wpa_supplicant-2.6-5.el7_4.1.x86_64.rpm wpa_supplicant-debuginfo-2.6-5.el7_4.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: wpa_supplicant-2.6-5.el7_4.1.src.rpm x86_64: wpa_supplicant-2.6-5.el7_4.1.x86_64.rpm wpa_supplicant-debuginfo-2.6-5.el7_4.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-13077 https://access.redhat.com/security/cve/CVE-2017-13078 https://access.redhat.com/security/cve/CVE-2017-13080 https://access.redhat.com/security/cve/CVE-2017-13082 https://access.redhat.com/security/cve/CVE-2017-13086 https://access.redhat.com/security/cve/CVE-2017-13087 https://access.redhat.com/security/cve/CVE-2017-13088 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/kracks 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. Those vulnerabilities applies to both the access point (implemented in hostapd) and the station (implemented in wpa_supplicant). An attacker exploiting the vulnerabilities could force the vulnerable system to reuse cryptographic session keys, enabling a range of cryptographic attacks against the ciphers used in WPA1 and WPA2. For the stable distribution (stretch), these problems have been fixed in version 2:2.4-1+deb9u1. For the testing distribution (buster), these problems have been fixed in version 2:2.4-1.1. For the unstable distribution (sid), these problems have been fixed in version 2:2.4-1.1. We recommend that you upgrade your wpa packages. ========================================================================== Ubuntu Security Notice USN-3455-1 October 16, 2017 wpa vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 17.04 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in wpa_supplicant. Software Description: - wpa: client support for WPA and WPA2 Details: Mathy Vanhoef discovered that wpa_supplicant and hostapd incorrectly handled WPA2. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088) Imre Rad discovered that wpa_supplicant and hostapd incorrectly handled invalid characters in passphrase parameters. A remote attacker could use this issue to cause a denial of service. (CVE-2016-4476) Imre Rad discovered that wpa_supplicant and hostapd incorrectly handled invalid characters in passphrase parameters. A local attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2016-4477) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 17.04: hostapd 2.4-0ubuntu9.1 wpasupplicant 2.4-0ubuntu9.1 Ubuntu 16.04 LTS: hostapd 2.4-0ubuntu6.2 wpasupplicant 2.4-0ubuntu6.2 Ubuntu 14.04 LTS: hostapd 2.1-0ubuntu1.5 wpasupplicant 2.1-0ubuntu1.5 After a standard system update you need to reboot your computer to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-17:07.wpa Security Advisory The FreeBSD Project Topic: WPA2 protocol vulnerability Category: contrib Module: wpa Announced: 2017-10-16 Credits: Mathy Vanhoef Affects: All supported versions of FreeBSD. Corrected: 2017-10-17 17:30:18 UTC (stable/11, 11.1-STABLE) 2017-10-17 17:57:18 UTC (releng/11.1, 11.1-RELEASE-p2) 2017-10-17 17:56:03 UTC (releng/11.0, 11.0-RELEASE-p13) 2017-10-19 03:18:22 UTC (stable/10, 10.4-STABLE) 2017-10-19 03:20:17 UTC (releng/10.4, 10.4-RELEASE-p1) 2017-10-19 03:19:42 UTC (releng/10.3, 10.3-RELEASE-p22) CVE Name: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>. 0. Revision history v1.0 2017-10-17 Initial release. v1.1 2017-10-19 Add patches for 10.x releases. I. hostapd and wpa_supplicant are implementations of user space daemon for access points and wireless client that implements the WPA2 protocol. II. Problem Description A vulnerability was found in how a number of implementations can be triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by replaying a specific frame that is used to manage the keys. III. Impact Such reinstallation of the encryption key can result in two different types of vulnerabilities: disabling replay protection and significantly reducing the security of encryption to the point of allowing frames to be decrypted or some parts of the keys to be determined by an attacker depending on which cipher is used. IV. Workaround An updated version of wpa_supplicant is available in the FreeBSD Ports Collection. Install version 2.6_2 or later of the security/wpa_supplicant port/pkg. Once installed, update /etc/rc.conf to use the new binary: wpa_supplicant_program="/usr/local/sbin/wpa_supplicant" and restart networking. An updated version of hostapd is available in the FreeBSD Ports Collection. Install version 2.6_1 or later of the net/hostapd port/pkg. Once installed, update /etc/rc.conf to use the new binary: hostapd_program="/usr/local/sbin/hostapd" and restart hostapd. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. Restart the Wi-Fi network interfaces/hostapd or reboot the system. 2) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install Restart the Wi-Fi network interfaces/hostapd or reboot the system. 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 11.0-RELEASE, 11.1-RELEASE, and 11-STABLE] # fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-11.patch # fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-11.patch.asc # gpg --verify wpa-11.patch.asc [FreeBSD 10.3-RELEASE, 10.4-RELEASE, and 10-STABLE] # fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-10.patch # fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-10.patch.asc # gpg --verify wpa-10.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. Restart the applicable daemons, or reboot the system. VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/11/ r324697 releng/11.0/ r324698 releng/11.1/ r324699 stable/10/ r324739 releng/10.3/ r324740 releng/10.4/ r324741 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: <URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> VII. References <URL:https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt> <URL:https://www.krackattacks.com/> The latest revision of this advisory is available at <URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc> -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEHPf/b631yp++G4yy7Wfs1l3PaucFAlnoGpNfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDFD RjdGRjZGQURGNUNBOUZCRTFCOENCMkVENjdFQ0Q2NURDRjZBRTcACgkQ7Wfs1l3P auc7WBAAm27w+fujv5sJsRxauUMopTVtRh5utwbDuoHTP+L+RCWmQfVBmueNQ0gf uJzMNxBIkbtY9LvyukpRsH3iD7mh26c0pd9rxxkkr4F96C9B5+W0amxJF1gdm54/ F/50FpY+lo7cNs5tiBjypPrg8UOBBI/1G4XR7130XC0HjaTwt1ngZ0oQUWUMSsIp gN5ZfPul81WPWd1NqF+vyObcJhwq/Y1uoexoO27o7GQCFZoL3enZy8c4f1xqMlVM 4HHkTgNGac6E0aW+ArH4J0DFFAOJXPqF8rdt+9XINfoBbtliIyOixJ4oh1n6eAR0 VpBWZKFNyXSlUKIvDGa+LDhxgL1jJXV0ABSyKlUOijdmr3bbbiQE9MW/MNv2AFTd OAFQ0QQtm9KCWp5JLh+FPIb/kR2l7MOUP+yz4zFcJpdGtl9tDLyPN8vRTq60bY8O y7tBcf/SMqkd/AIFdchL4zrOguKnRARydIlwTarp8wtAQI3MKSsa1B0wgsDtlL6K xfdjnwWMKvKKlNOW16e1WXXO0n/ucHV4njBE+bGPro3jLgXP2/WFZpIGAR3I4xrr SdD4AxSNiR9f3bL7LRfMIbugJAylWNSlTLWUOVUv0/ONh85LqbcCj13NI230B64K ETx2QOZgKnCs2oDNiw4aQHb7kvi2w94Iw/R1sAPkkxYJWO3reyE= =h/5q -----END PGP SIGNATURE----- . Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/wpa_supplicant-2.6-i586-1_slack14.2.txz: Upgraded. This update includes patches to mitigate the WPA2 protocol issues known as "KRACK" (Key Reinstallation AttaCK), which may be used to decrypt data, hijack TCP connections, and to forge and inject packets. For more information, see: https://www.krackattacks.com/ https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13084 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/wpa_supplicant-2.6-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/wpa_supplicant-2.6-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/wpa_supplicant-2.6-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/wpa_supplicant-2.6-x86_64-1_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/wpa_supplicant-2.6-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/wpa_supplicant-2.6-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/wpa_supplicant-2.6-i586-2.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/wpa_supplicant-2.6-x86_64-2.txz MD5 signatures: +-------------+ Slackware 14.0 package: d8ecfaadb50b3547967ab53733ffc019 wpa_supplicant-2.6-i486-1_slack14.0.txz Slackware x86_64 14.0 package: f25216d28800504ce498705da7c9a825 wpa_supplicant-2.6-x86_64-1_slack14.0.txz Slackware 14.1 package: 15c61050e4bab2581757befd86be74c0 wpa_supplicant-2.6-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 49fd537a520338744f7757615556d352 wpa_supplicant-2.6-x86_64-1_slack14.1.txz Slackware 14.2 package: c5539f40c8510af89be92945f0f80185 wpa_supplicant-2.6-i586-1_slack14.2.txz Slackware x86_64 14.2 package: 4c527ff84fcdfd7839f217bbce2e4ae4 wpa_supplicant-2.6-x86_64-1_slack14.2.txz Slackware -current package: 28bd88a54e96368f7a7020c1f5fb67fe n/wpa_supplicant-2.6-i586-2.txz Slackware x86_64 -current package: 464fc6b48d1ac077f47e9a3a8534c160 n/wpa_supplicant-2.6-x86_64-2.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg wpa_supplicant-2.6-i586-1_slack14.2.txz +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address

Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients. An attacker within range of an affected AP and client may leverage these vulnerabilities to conduct attacks that are dependent on the data confidentiality protocols being used. Attacks may include arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast and group-addressed frames. These vulnerabilities are referred to as Key Reinstallation Attacks or "KRACK" attacks. WPA (Wi-Fi Protected Access) is a system that protects wireless computer networks (Wi-Fi). The IGTK group key reloading vulnerability exists in the WPA2 wireless network. WPA2 is prone to multiple security weaknesses. Exploiting these issues may allow an unauthorized user to intercept and manipulate data or disclose sensitive information. Those vulnerabilities applies to both the access point (implemented in hostapd) and the station (implemented in wpa_supplicant). An attacker exploiting the vulnerabilities could force the vulnerable system to reuse cryptographic session keys, enabling a range of cryptographic attacks against the ciphers used in WPA1 and WPA2. For the stable distribution (stretch), these problems have been fixed in version 2:2.4-1+deb9u1. For the testing distribution (buster), these problems have been fixed in version 2:2.4-1.1. For the unstable distribution (sid), these problems have been fixed in version 2:2.4-1.1. We recommend that you upgrade your wpa packages. ========================================================================== Ubuntu Security Notice USN-3455-1 October 16, 2017 wpa vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 17.04 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in wpa_supplicant. Software Description: - wpa: client support for WPA and WPA2 Details: Mathy Vanhoef discovered that wpa_supplicant and hostapd incorrectly handled WPA2. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088) Imre Rad discovered that wpa_supplicant and hostapd incorrectly handled invalid characters in passphrase parameters. A remote attacker could use this issue to cause a denial of service. (CVE-2016-4476) Imre Rad discovered that wpa_supplicant and hostapd incorrectly handled invalid characters in passphrase parameters. A local attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2016-4477) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 17.04: hostapd 2.4-0ubuntu9.1 wpasupplicant 2.4-0ubuntu9.1 Ubuntu 16.04 LTS: hostapd 2.4-0ubuntu6.2 wpasupplicant 2.4-0ubuntu6.2 Ubuntu 14.04 LTS: hostapd 2.1-0ubuntu1.5 wpasupplicant 2.1-0ubuntu1.5 After a standard system update you need to reboot your computer to make all the necessary changes. References: https://www.ubuntu.com/usn/usn-3455-1 CVE-2016-4476, CVE-2016-4477, CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088 Package Information: https://launchpad.net/ubuntu/+source/wpa/2.4-0ubuntu9.1 https://launchpad.net/ubuntu/+source/wpa/2.4-0ubuntu6.2 https://launchpad.net/ubuntu/+source/wpa/2.1-0ubuntu1.5 . Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/wpa_supplicant-2.6-i586-1_slack14.2.txz: Upgraded. This update includes patches to mitigate the WPA2 protocol issues known as "KRACK" (Key Reinstallation AttaCK), which may be used to decrypt data, hijack TCP connections, and to forge and inject packets. This is the list of vulnerabilities that are addressed here: CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake. CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake. CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake. CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it. CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake. CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake. For more information, see: https://www.krackattacks.com/ https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13084 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/wpa_supplicant-2.6-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/wpa_supplicant-2.6-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/wpa_supplicant-2.6-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/wpa_supplicant-2.6-x86_64-1_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/wpa_supplicant-2.6-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/wpa_supplicant-2.6-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/wpa_supplicant-2.6-i586-2.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/wpa_supplicant-2.6-x86_64-2.txz MD5 signatures: +-------------+ Slackware 14.0 package: d8ecfaadb50b3547967ab53733ffc019 wpa_supplicant-2.6-i486-1_slack14.0.txz Slackware x86_64 14.0 package: f25216d28800504ce498705da7c9a825 wpa_supplicant-2.6-x86_64-1_slack14.0.txz Slackware 14.1 package: 15c61050e4bab2581757befd86be74c0 wpa_supplicant-2.6-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 49fd537a520338744f7757615556d352 wpa_supplicant-2.6-x86_64-1_slack14.1.txz Slackware 14.2 package: c5539f40c8510af89be92945f0f80185 wpa_supplicant-2.6-i586-1_slack14.2.txz Slackware x86_64 14.2 package: 4c527ff84fcdfd7839f217bbce2e4ae4 wpa_supplicant-2.6-x86_64-1_slack14.2.txz Slackware -current package: 28bd88a54e96368f7a7020c1f5fb67fe n/wpa_supplicant-2.6-i586-2.txz Slackware x86_64 -current package: 464fc6b48d1ac077f47e9a3a8534c160 n/wpa_supplicant-2.6-x86_64-2.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg wpa_supplicant-2.6-i586-1_slack14.2.txz +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-17:07.wpa Security Advisory The FreeBSD Project Topic: WPA2 protocol vulnerability Category: contrib Module: wpa Announced: 2017-10-16 Credits: Mathy Vanhoef Affects: All supported versions of FreeBSD. Corrected: 2017-10-17 17:30:18 UTC (stable/11, 11.1-STABLE) 2017-10-17 17:57:18 UTC (releng/11.1, 11.1-RELEASE-p2) 2017-10-17 17:56:03 UTC (releng/11.0, 11.0-RELEASE-p13) 2017-10-19 03:18:22 UTC (stable/10, 10.4-STABLE) 2017-10-19 03:20:17 UTC (releng/10.4, 10.4-RELEASE-p1) 2017-10-19 03:19:42 UTC (releng/10.3, 10.3-RELEASE-p22) CVE Name: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>. 0. Revision history v1.0 2017-10-17 Initial release. v1.1 2017-10-19 Add patches for 10.x releases. I. hostapd and wpa_supplicant are implementations of user space daemon for access points and wireless client that implements the WPA2 protocol. II. Problem Description A vulnerability was found in how a number of implementations can be triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by replaying a specific frame that is used to manage the keys. III. Impact Such reinstallation of the encryption key can result in two different types of vulnerabilities: disabling replay protection and significantly reducing the security of encryption to the point of allowing frames to be decrypted or some parts of the keys to be determined by an attacker depending on which cipher is used. IV. Workaround An updated version of wpa_supplicant is available in the FreeBSD Ports Collection. Install version 2.6_2 or later of the security/wpa_supplicant port/pkg. Once installed, update /etc/rc.conf to use the new binary: wpa_supplicant_program="/usr/local/sbin/wpa_supplicant" and restart networking. An updated version of hostapd is available in the FreeBSD Ports Collection. Install version 2.6_1 or later of the net/hostapd port/pkg. Once installed, update /etc/rc.conf to use the new binary: hostapd_program="/usr/local/sbin/hostapd" and restart hostapd. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. Restart the Wi-Fi network interfaces/hostapd or reboot the system. 2) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install Restart the Wi-Fi network interfaces/hostapd or reboot the system. 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 11.0-RELEASE, 11.1-RELEASE, and 11-STABLE] # fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-11.patch # fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-11.patch.asc # gpg --verify wpa-11.patch.asc [FreeBSD 10.3-RELEASE, 10.4-RELEASE, and 10-STABLE] # fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-10.patch # fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-10.patch.asc # gpg --verify wpa-10.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. Restart the applicable daemons, or reboot the system. VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/11/ r324697 releng/11.0/ r324698 releng/11.1/ r324699 stable/10/ r324739 releng/10.3/ r324740 releng/10.4/ r324741 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: <URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> VII. References <URL:https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt> <URL:https://www.krackattacks.com/> The latest revision of this advisory is available at <URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc> -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEHPf/b631yp++G4yy7Wfs1l3PaucFAlnoGpNfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDFD RjdGRjZGQURGNUNBOUZCRTFCOENCMkVENjdFQ0Q2NURDRjZBRTcACgkQ7Wfs1l3P auc7WBAAm27w+fujv5sJsRxauUMopTVtRh5utwbDuoHTP+L+RCWmQfVBmueNQ0gf uJzMNxBIkbtY9LvyukpRsH3iD7mh26c0pd9rxxkkr4F96C9B5+W0amxJF1gdm54/ F/50FpY+lo7cNs5tiBjypPrg8UOBBI/1G4XR7130XC0HjaTwt1ngZ0oQUWUMSsIp gN5ZfPul81WPWd1NqF+vyObcJhwq/Y1uoexoO27o7GQCFZoL3enZy8c4f1xqMlVM 4HHkTgNGac6E0aW+ArH4J0DFFAOJXPqF8rdt+9XINfoBbtliIyOixJ4oh1n6eAR0 VpBWZKFNyXSlUKIvDGa+LDhxgL1jJXV0ABSyKlUOijdmr3bbbiQE9MW/MNv2AFTd OAFQ0QQtm9KCWp5JLh+FPIb/kR2l7MOUP+yz4zFcJpdGtl9tDLyPN8vRTq60bY8O y7tBcf/SMqkd/AIFdchL4zrOguKnRARydIlwTarp8wtAQI3MKSsa1B0wgsDtlL6K xfdjnwWMKvKKlNOW16e1WXXO0n/ucHV4njBE+bGPro3jLgXP2/WFZpIGAR3I4xrr SdD4AxSNiR9f3bL7LRfMIbugJAylWNSlTLWUOVUv0/ONh85LqbcCj13NI230B64K ETx2QOZgKnCs2oDNiw4aQHb7kvi2w94Iw/R1sAPkkxYJWO3reyE= =h/5q -----END PGP SIGNATURE-----

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients. An attacker within range of an affected AP and client may leverage these vulnerabilities to conduct attacks that are dependent on the data confidentiality protocols being used. Attacks may include arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast and group-addressed frames. These vulnerabilities are referred to as Key Reinstallation Attacks or "KRACK" attacks. WPA (Wi-Fi Protected Access) is a system that protects wireless computer networks (Wi-Fi). The WPA2 wireless network has a GTK group key reload vulnerability in the fourth handshake. WPA2 is prone to multiple security weaknesses. Exploiting these issues may allow an unauthorized user to intercept and manipulate data or disclose sensitive information. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: wpa_supplicant security update Advisory ID: RHSA-2017:2907-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2017:2907 Issue date: 2017-10-17 CVE Names: CVE-2017-13077 CVE-2017-13078 CVE-2017-13080 CVE-2017-13082 CVE-2017-13086 CVE-2017-13087 CVE-2017-13088 ===================================================================== 1. Summary: An update for wpa_supplicant is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088) Red Hat would like to thank CERT for reporting these issues. Upstream acknowledges Mathy Vanhoef (University of Leuven) as the original reporter of these issues. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux Client (v. 7): Source: wpa_supplicant-2.6-5.el7_4.1.src.rpm x86_64: wpa_supplicant-2.6-5.el7_4.1.x86_64.rpm wpa_supplicant-debuginfo-2.6-5.el7_4.1.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: wpa_supplicant-2.6-5.el7_4.1.src.rpm x86_64: wpa_supplicant-2.6-5.el7_4.1.x86_64.rpm wpa_supplicant-debuginfo-2.6-5.el7_4.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: wpa_supplicant-2.6-5.el7_4.1.src.rpm aarch64: wpa_supplicant-2.6-5.el7_4.1.aarch64.rpm wpa_supplicant-debuginfo-2.6-5.el7_4.1.aarch64.rpm ppc64: wpa_supplicant-2.6-5.el7_4.1.ppc64.rpm wpa_supplicant-debuginfo-2.6-5.el7_4.1.ppc64.rpm ppc64le: wpa_supplicant-2.6-5.el7_4.1.ppc64le.rpm wpa_supplicant-debuginfo-2.6-5.el7_4.1.ppc64le.rpm s390x: wpa_supplicant-2.6-5.el7_4.1.s390x.rpm wpa_supplicant-debuginfo-2.6-5.el7_4.1.s390x.rpm x86_64: wpa_supplicant-2.6-5.el7_4.1.x86_64.rpm wpa_supplicant-debuginfo-2.6-5.el7_4.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: wpa_supplicant-2.6-5.el7_4.1.src.rpm x86_64: wpa_supplicant-2.6-5.el7_4.1.x86_64.rpm wpa_supplicant-debuginfo-2.6-5.el7_4.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-13077 https://access.redhat.com/security/cve/CVE-2017-13078 https://access.redhat.com/security/cve/CVE-2017-13080 https://access.redhat.com/security/cve/CVE-2017-13082 https://access.redhat.com/security/cve/CVE-2017-13086 https://access.redhat.com/security/cve/CVE-2017-13087 https://access.redhat.com/security/cve/CVE-2017-13088 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/kracks 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-12-12-2 AirPort Base Station Firmware Update 7.7.9 AirPort Base Station Firmware Update 7.7.9 is now available and addresses the following: AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-9417: Nitay Artenstein of Exodus Intelligence AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: An attacker in Wi-Fi range may force nonce reuse in WPA unicast/PTK clients (Key Reinstallation Attacks - KRACK) Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management. CVE-2017-13077: Mathy Vanhoef of the imec-DistriNet group at KU Leuven CVE-2017-13078: Mathy Vanhoef of the imec-DistriNet group at KU Leuven AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK) Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management. CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven Installation note: Firmware version 7.7.9 is installed on AirPort Extreme or AirPort Time Capsule base stations with 802.11ac using AirPort Utility for Mac or iOS. AirPort Utility for Mac is a free download from https://support.apple.com/downloads/ and AirPort Utility for iOS is a free download from the App Store. CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven Installation note: Wi-Fi Update for Boot Camp 6.4.0 may be obtained from Apple Software Update for Windows. Those vulnerabilities applies to both the access point (implemented in hostapd) and the station (implemented in wpa_supplicant). An attacker exploiting the vulnerabilities could force the vulnerable system to reuse cryptographic session keys, enabling a range of cryptographic attacks against the ciphers used in WPA1 and WPA2. For the stable distribution (stretch), these problems have been fixed in version 2:2.4-1+deb9u1. For the testing distribution (buster), these problems have been fixed in version 2:2.4-1.1. For the unstable distribution (sid), these problems have been fixed in version 2:2.4-1.1. We recommend that you upgrade your wpa packages. ========================================================================== Ubuntu Security Notice USN-3455-1 October 16, 2017 wpa vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 17.04 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in wpa_supplicant. Software Description: - wpa: client support for WPA and WPA2 Details: Mathy Vanhoef discovered that wpa_supplicant and hostapd incorrectly handled WPA2. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088) Imre Rad discovered that wpa_supplicant and hostapd incorrectly handled invalid characters in passphrase parameters. A remote attacker could use this issue to cause a denial of service. (CVE-2016-4476) Imre Rad discovered that wpa_supplicant and hostapd incorrectly handled invalid characters in passphrase parameters. A local attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2016-4477) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 17.04: hostapd 2.4-0ubuntu9.1 wpasupplicant 2.4-0ubuntu9.1 Ubuntu 16.04 LTS: hostapd 2.4-0ubuntu6.2 wpasupplicant 2.4-0ubuntu6.2 Ubuntu 14.04 LTS: hostapd 2.1-0ubuntu1.5 wpasupplicant 2.1-0ubuntu1.5 After a standard system update you need to reboot your computer to make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201711-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: hostapd and wpa_supplicant: Key Reinstallation (KRACK) attacks Date: November 10, 2017 Bugs: #634436, #634438 ID: 201711-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A flaw was discovered in the 4-way handshake in hostapd and wpa_supplicant that allows attackers to conduct a Man in the Middle attack. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-wireless/hostapd < 2.6-r1 >= 2.6-r1 2 net-wireless/wpa_supplicant < 2.6-r3 >= 2.6-r3 ------------------------------------------------------------------- 2 affected packages Description =========== WiFi Protected Access (WPA and WPA2) and it's associated technologies are all vulnerable to the KRACK attacks. Please review the referenced CVE identifiers for details. Impact ====== An attacker can carry out the KRACK attacks on a wireless network in order to gain access to network clients. Once achieved, the attacker can potentially harvest confidential information (e.g. HTTP/HTTPS), inject malware, or perform a myriad of other attacks. Workaround ========== There is no known workaround at this time. Resolution ========== All hostapd users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-wireless/hostapd-2.6-r1" All wpa_supplicant users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=net-wireless/wpa_supplicant-2.6-r3" References ========== [ 1 ] CVE-2017-13077 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13077 [ 2 ] CVE-2017-13078 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13078 [ 3 ] CVE-2017-13079 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13079 [ 4 ] CVE-2017-13080 . 6) - i386, x86_64 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-17:07.wpa Security Advisory The FreeBSD Project Topic: WPA2 protocol vulnerability Category: contrib Module: wpa Announced: 2017-10-16 Credits: Mathy Vanhoef Affects: All supported versions of FreeBSD. Corrected: 2017-10-17 17:30:18 UTC (stable/11, 11.1-STABLE) 2017-10-17 17:57:18 UTC (releng/11.1, 11.1-RELEASE-p2) 2017-10-17 17:56:03 UTC (releng/11.0, 11.0-RELEASE-p13) 2017-10-19 03:18:22 UTC (stable/10, 10.4-STABLE) 2017-10-19 03:20:17 UTC (releng/10.4, 10.4-RELEASE-p1) 2017-10-19 03:19:42 UTC (releng/10.3, 10.3-RELEASE-p22) CVE Name: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>. 0. Revision history v1.0 2017-10-17 Initial release. v1.1 2017-10-19 Add patches for 10.x releases. I. hostapd and wpa_supplicant are implementations of user space daemon for access points and wireless client that implements the WPA2 protocol. II. Problem Description A vulnerability was found in how a number of implementations can be triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by replaying a specific frame that is used to manage the keys. III. Impact Such reinstallation of the encryption key can result in two different types of vulnerabilities: disabling replay protection and significantly reducing the security of encryption to the point of allowing frames to be decrypted or some parts of the keys to be determined by an attacker depending on which cipher is used. IV. Workaround An updated version of wpa_supplicant is available in the FreeBSD Ports Collection. Install version 2.6_2 or later of the security/wpa_supplicant port/pkg. Once installed, update /etc/rc.conf to use the new binary: wpa_supplicant_program="/usr/local/sbin/wpa_supplicant" and restart networking. An updated version of hostapd is available in the FreeBSD Ports Collection. Install version 2.6_1 or later of the net/hostapd port/pkg. Once installed, update /etc/rc.conf to use the new binary: hostapd_program="/usr/local/sbin/hostapd" and restart hostapd. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. Restart the Wi-Fi network interfaces/hostapd or reboot the system. 2) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install Restart the Wi-Fi network interfaces/hostapd or reboot the system. 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 11.0-RELEASE, 11.1-RELEASE, and 11-STABLE] # fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-11.patch # fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-11.patch.asc # gpg --verify wpa-11.patch.asc [FreeBSD 10.3-RELEASE, 10.4-RELEASE, and 10-STABLE] # fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-10.patch # fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-10.patch.asc # gpg --verify wpa-10.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. Restart the applicable daemons, or reboot the system. VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/11/ r324697 releng/11.0/ r324698 releng/11.1/ r324699 stable/10/ r324739 releng/10.3/ r324740 releng/10.4/ r324741 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: <URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> VII. References <URL:https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt> <URL:https://www.krackattacks.com/> The latest revision of this advisory is available at <URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc> -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEHPf/b631yp++G4yy7Wfs1l3PaucFAlnoGpNfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDFD RjdGRjZGQURGNUNBOUZCRTFCOENCMkVENjdFQ0Q2NURDRjZBRTcACgkQ7Wfs1l3P auc7WBAAm27w+fujv5sJsRxauUMopTVtRh5utwbDuoHTP+L+RCWmQfVBmueNQ0gf uJzMNxBIkbtY9LvyukpRsH3iD7mh26c0pd9rxxkkr4F96C9B5+W0amxJF1gdm54/ F/50FpY+lo7cNs5tiBjypPrg8UOBBI/1G4XR7130XC0HjaTwt1ngZ0oQUWUMSsIp gN5ZfPul81WPWd1NqF+vyObcJhwq/Y1uoexoO27o7GQCFZoL3enZy8c4f1xqMlVM 4HHkTgNGac6E0aW+ArH4J0DFFAOJXPqF8rdt+9XINfoBbtliIyOixJ4oh1n6eAR0 VpBWZKFNyXSlUKIvDGa+LDhxgL1jJXV0ABSyKlUOijdmr3bbbiQE9MW/MNv2AFTd OAFQ0QQtm9KCWp5JLh+FPIb/kR2l7MOUP+yz4zFcJpdGtl9tDLyPN8vRTq60bY8O y7tBcf/SMqkd/AIFdchL4zrOguKnRARydIlwTarp8wtAQI3MKSsa1B0wgsDtlL6K xfdjnwWMKvKKlNOW16e1WXXO0n/ucHV4njBE+bGPro3jLgXP2/WFZpIGAR3I4xrr SdD4AxSNiR9f3bL7LRfMIbugJAylWNSlTLWUOVUv0/ONh85LqbcCj13NI230B64K ETx2QOZgKnCs2oDNiw4aQHb7kvi2w94Iw/R1sAPkkxYJWO3reyE= =h/5q -----END PGP SIGNATURE-----

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. An attacker within range of an affected AP and client may leverage these vulnerabilities to conduct attacks that are dependent on the data confidentiality protocols being used. Attacks may include arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast and group-addressed frames. These vulnerabilities are referred to as Key Reinstallation Attacks or "KRACK" attacks. WPA (Wi-Fi Protected Access) is a system that protects wireless computer networks (Wi-Fi). The WPA2 wireless network has a PTK-TK key reload vulnerability in the fourth handshake. WPA2 is prone to multiple security weaknesses. Exploiting these issues may allow an unauthorized user to intercept and manipulate data or disclose sensitive information. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: wpa_supplicant security update Advisory ID: RHSA-2017:2907-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2017:2907 Issue date: 2017-10-17 CVE Names: CVE-2017-13077 CVE-2017-13078 CVE-2017-13080 CVE-2017-13082 CVE-2017-13086 CVE-2017-13087 CVE-2017-13088 ===================================================================== 1. Summary: An update for wpa_supplicant is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088) Red Hat would like to thank CERT for reporting these issues. Upstream acknowledges Mathy Vanhoef (University of Leuven) as the original reporter of these issues. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1491692 - CVE-2017-13077 wpa_supplicant: Reinstallation of the pairwise key in the 4-way handshake 1491693 - CVE-2017-13078 wpa_supplicant: Reinstallation of the group key in the 4-way handshake 1491696 - CVE-2017-13080 wpa_supplicant: Reinstallation of the group key in the group key handshake 1491698 - CVE-2017-13082 wpa_supplicant: Accepting a retransmitted FT Reassociation Request and reinstalling the pairwise key while processing it 1500302 - CVE-2017-13086 wpa_supplicant: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake 1500303 - CVE-2017-13087 wpa_supplicant: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame 1500304 - CVE-2017-13088 wpa_supplicant: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: wpa_supplicant-2.6-5.el7_4.1.src.rpm x86_64: wpa_supplicant-2.6-5.el7_4.1.x86_64.rpm wpa_supplicant-debuginfo-2.6-5.el7_4.1.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: wpa_supplicant-2.6-5.el7_4.1.src.rpm x86_64: wpa_supplicant-2.6-5.el7_4.1.x86_64.rpm wpa_supplicant-debuginfo-2.6-5.el7_4.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: wpa_supplicant-2.6-5.el7_4.1.src.rpm aarch64: wpa_supplicant-2.6-5.el7_4.1.aarch64.rpm wpa_supplicant-debuginfo-2.6-5.el7_4.1.aarch64.rpm ppc64: wpa_supplicant-2.6-5.el7_4.1.ppc64.rpm wpa_supplicant-debuginfo-2.6-5.el7_4.1.ppc64.rpm ppc64le: wpa_supplicant-2.6-5.el7_4.1.ppc64le.rpm wpa_supplicant-debuginfo-2.6-5.el7_4.1.ppc64le.rpm s390x: wpa_supplicant-2.6-5.el7_4.1.s390x.rpm wpa_supplicant-debuginfo-2.6-5.el7_4.1.s390x.rpm x86_64: wpa_supplicant-2.6-5.el7_4.1.x86_64.rpm wpa_supplicant-debuginfo-2.6-5.el7_4.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: wpa_supplicant-2.6-5.el7_4.1.src.rpm x86_64: wpa_supplicant-2.6-5.el7_4.1.x86_64.rpm wpa_supplicant-debuginfo-2.6-5.el7_4.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-13077 https://access.redhat.com/security/cve/CVE-2017-13078 https://access.redhat.com/security/cve/CVE-2017-13080 https://access.redhat.com/security/cve/CVE-2017-13082 https://access.redhat.com/security/cve/CVE-2017-13086 https://access.redhat.com/security/cve/CVE-2017-13087 https://access.redhat.com/security/cve/CVE-2017-13088 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/kracks 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-12-12-2 AirPort Base Station Firmware Update 7.7.9 AirPort Base Station Firmware Update 7.7.9 is now available and addresses the following: AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-9417: Nitay Artenstein of Exodus Intelligence AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: An attacker in Wi-Fi range may force nonce reuse in WPA unicast/PTK clients (Key Reinstallation Attacks - KRACK) Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management. CVE-2017-13077: Mathy Vanhoef of the imec-DistriNet group at KU Leuven CVE-2017-13078: Mathy Vanhoef of the imec-DistriNet group at KU Leuven AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK) Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management. CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven Installation note: Firmware version 7.7.9 is installed on AirPort Extreme or AirPort Time Capsule base stations with 802.11ac using AirPort Utility for Mac or iOS. AirPort Utility for Mac is a free download from https://support.apple.com/downloads/ and AirPort Utility for iOS is a free download from the App Store. Those vulnerabilities applies to both the access point (implemented in hostapd) and the station (implemented in wpa_supplicant). An attacker exploiting the vulnerabilities could force the vulnerable system to reuse cryptographic session keys, enabling a range of cryptographic attacks against the ciphers used in WPA1 and WPA2. For the stable distribution (stretch), these problems have been fixed in version 2:2.4-1+deb9u1. For the testing distribution (buster), these problems have been fixed in version 2:2.4-1.1. For the unstable distribution (sid), these problems have been fixed in version 2:2.4-1.1. We recommend that you upgrade your wpa packages. ========================================================================== Ubuntu Security Notice USN-3455-1 October 16, 2017 wpa vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 17.04 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in wpa_supplicant. Software Description: - wpa: client support for WPA and WPA2 Details: Mathy Vanhoef discovered that wpa_supplicant and hostapd incorrectly handled WPA2. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088) Imre Rad discovered that wpa_supplicant and hostapd incorrectly handled invalid characters in passphrase parameters. A remote attacker could use this issue to cause a denial of service. (CVE-2016-4476) Imre Rad discovered that wpa_supplicant and hostapd incorrectly handled invalid characters in passphrase parameters. A local attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2016-4477) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 17.04: hostapd 2.4-0ubuntu9.1 wpasupplicant 2.4-0ubuntu9.1 Ubuntu 16.04 LTS: hostapd 2.4-0ubuntu6.2 wpasupplicant 2.4-0ubuntu6.2 Ubuntu 14.04 LTS: hostapd 2.1-0ubuntu1.5 wpasupplicant 2.1-0ubuntu1.5 After a standard system update you need to reboot your computer to make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201711-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: hostapd and wpa_supplicant: Key Reinstallation (KRACK) attacks Date: November 10, 2017 Bugs: #634436, #634438 ID: 201711-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A flaw was discovered in the 4-way handshake in hostapd and wpa_supplicant that allows attackers to conduct a Man in the Middle attack. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-wireless/hostapd < 2.6-r1 >= 2.6-r1 2 net-wireless/wpa_supplicant < 2.6-r3 >= 2.6-r3 ------------------------------------------------------------------- 2 affected packages Description =========== WiFi Protected Access (WPA and WPA2) and it's associated technologies are all vulnerable to the KRACK attacks. Please review the referenced CVE identifiers for details. Impact ====== An attacker can carry out the KRACK attacks on a wireless network in order to gain access to network clients. Once achieved, the attacker can potentially harvest confidential information (e.g. HTTP/HTTPS), inject malware, or perform a myriad of other attacks. Workaround ========== There is no known workaround at this time. Resolution ========== All hostapd users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-wireless/hostapd-2.6-r1" All wpa_supplicant users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=net-wireless/wpa_supplicant-2.6-r3" References ========== [ 1 ] CVE-2017-13077 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13077 [ 2 ] CVE-2017-13078 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13078 [ 3 ] CVE-2017-13079 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13079 [ 4 ] CVE-2017-13080 . 6) - i386, x86_64 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-17:07.wpa Security Advisory The FreeBSD Project Topic: WPA2 protocol vulnerability Category: contrib Module: wpa Announced: 2017-10-16 Credits: Mathy Vanhoef Affects: All supported versions of FreeBSD. Corrected: 2017-10-17 17:30:18 UTC (stable/11, 11.1-STABLE) 2017-10-17 17:57:18 UTC (releng/11.1, 11.1-RELEASE-p2) 2017-10-17 17:56:03 UTC (releng/11.0, 11.0-RELEASE-p13) 2017-10-19 03:18:22 UTC (stable/10, 10.4-STABLE) 2017-10-19 03:20:17 UTC (releng/10.4, 10.4-RELEASE-p1) 2017-10-19 03:19:42 UTC (releng/10.3, 10.3-RELEASE-p22) CVE Name: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>. 0. Revision history v1.0 2017-10-17 Initial release. v1.1 2017-10-19 Add patches for 10.x releases. I. hostapd and wpa_supplicant are implementations of user space daemon for access points and wireless client that implements the WPA2 protocol. II. Problem Description A vulnerability was found in how a number of implementations can be triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by replaying a specific frame that is used to manage the keys. III. Impact Such reinstallation of the encryption key can result in two different types of vulnerabilities: disabling replay protection and significantly reducing the security of encryption to the point of allowing frames to be decrypted or some parts of the keys to be determined by an attacker depending on which cipher is used. IV. Workaround An updated version of wpa_supplicant is available in the FreeBSD Ports Collection. Install version 2.6_2 or later of the security/wpa_supplicant port/pkg. Once installed, update /etc/rc.conf to use the new binary: wpa_supplicant_program="/usr/local/sbin/wpa_supplicant" and restart networking. An updated version of hostapd is available in the FreeBSD Ports Collection. Install version 2.6_1 or later of the net/hostapd port/pkg. Once installed, update /etc/rc.conf to use the new binary: hostapd_program="/usr/local/sbin/hostapd" and restart hostapd. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. Restart the Wi-Fi network interfaces/hostapd or reboot the system. 2) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install Restart the Wi-Fi network interfaces/hostapd or reboot the system. 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 11.0-RELEASE, 11.1-RELEASE, and 11-STABLE] # fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-11.patch # fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-11.patch.asc # gpg --verify wpa-11.patch.asc [FreeBSD 10.3-RELEASE, 10.4-RELEASE, and 10-STABLE] # fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-10.patch # fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-10.patch.asc # gpg --verify wpa-10.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. Restart the applicable daemons, or reboot the system. VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/11/ r324697 releng/11.0/ r324698 releng/11.1/ r324699 stable/10/ r324739 releng/10.3/ r324740 releng/10.4/ r324741 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: <URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> VII. References <URL:https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt> <URL:https://www.krackattacks.com/> The latest revision of this advisory is available at <URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc> -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEHPf/b631yp++G4yy7Wfs1l3PaucFAlnoGpNfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDFD RjdGRjZGQURGNUNBOUZCRTFCOENCMkVENjdFQ0Q2NURDRjZBRTcACgkQ7Wfs1l3P auc7WBAAm27w+fujv5sJsRxauUMopTVtRh5utwbDuoHTP+L+RCWmQfVBmueNQ0gf uJzMNxBIkbtY9LvyukpRsH3iD7mh26c0pd9rxxkkr4F96C9B5+W0amxJF1gdm54/ F/50FpY+lo7cNs5tiBjypPrg8UOBBI/1G4XR7130XC0HjaTwt1ngZ0oQUWUMSsIp gN5ZfPul81WPWd1NqF+vyObcJhwq/Y1uoexoO27o7GQCFZoL3enZy8c4f1xqMlVM 4HHkTgNGac6E0aW+ArH4J0DFFAOJXPqF8rdt+9XINfoBbtliIyOixJ4oh1n6eAR0 VpBWZKFNyXSlUKIvDGa+LDhxgL1jJXV0ABSyKlUOijdmr3bbbiQE9MW/MNv2AFTd OAFQ0QQtm9KCWp5JLh+FPIb/kR2l7MOUP+yz4zFcJpdGtl9tDLyPN8vRTq60bY8O y7tBcf/SMqkd/AIFdchL4zrOguKnRARydIlwTarp8wtAQI3MKSsa1B0wgsDtlL6K xfdjnwWMKvKKlNOW16e1WXXO0n/ucHV4njBE+bGPro3jLgXP2/WFZpIGAR3I4xrr SdD4AxSNiR9f3bL7LRfMIbugJAylWNSlTLWUOVUv0/ONh85LqbcCj13NI230B64K ETx2QOZgKnCs2oDNiw4aQHb7kvi2w94Iw/R1sAPkkxYJWO3reyE= =h/5q -----END PGP SIGNATURE----- . Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/wpa_supplicant-2.6-i586-1_slack14.2.txz: Upgraded. This update includes patches to mitigate the WPA2 protocol issues known as "KRACK" (Key Reinstallation AttaCK), which may be used to decrypt data, hijack TCP connections, and to forge and inject packets. CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it. For more information, see: https://www.krackattacks.com/ https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13084 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/wpa_supplicant-2.6-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/wpa_supplicant-2.6-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/wpa_supplicant-2.6-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/wpa_supplicant-2.6-x86_64-1_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/wpa_supplicant-2.6-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/wpa_supplicant-2.6-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/wpa_supplicant-2.6-i586-2.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/wpa_supplicant-2.6-x86_64-2.txz MD5 signatures: +-------------+ Slackware 14.0 package: d8ecfaadb50b3547967ab53733ffc019 wpa_supplicant-2.6-i486-1_slack14.0.txz Slackware x86_64 14.0 package: f25216d28800504ce498705da7c9a825 wpa_supplicant-2.6-x86_64-1_slack14.0.txz Slackware 14.1 package: 15c61050e4bab2581757befd86be74c0 wpa_supplicant-2.6-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 49fd537a520338744f7757615556d352 wpa_supplicant-2.6-x86_64-1_slack14.1.txz Slackware 14.2 package: c5539f40c8510af89be92945f0f80185 wpa_supplicant-2.6-i586-1_slack14.2.txz Slackware x86_64 14.2 package: 4c527ff84fcdfd7839f217bbce2e4ae4 wpa_supplicant-2.6-x86_64-1_slack14.2.txz Slackware -current package: 28bd88a54e96368f7a7020c1f5fb67fe n/wpa_supplicant-2.6-i586-2.txz Slackware x86_64 -current package: 464fc6b48d1ac077f47e9a3a8534c160 n/wpa_supplicant-2.6-x86_64-2.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg wpa_supplicant-2.6-i586-1_slack14.2.txz +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients. An attacker within range of an affected AP and client may leverage these vulnerabilities to conduct attacks that are dependent on the data confidentiality protocols being used. Attacks may include arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast and group-addressed frames. These vulnerabilities are referred to as Key Reinstallation Attacks or "KRACK" attacks. WPA (Wi-Fi Protected Access) is a system that protects wireless computer networks (Wi-Fi). The GTK group key reloading vulnerability exists in the WPA2 wireless network. WPA2 is prone to multiple security weaknesses. Exploiting these issues may allow an unauthorized user to intercept and manipulate data or disclose sensitive information. CVE-2017-13804: @qwertyoruiopz at KJC Research Intl. S.R.L. CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven Installation note: Firmware version 7.6.9 is installed on AirPort Express, AirPort Extreme, or AirPort Time Capsule base stations with 802.11n using AirPort Utility for Mac or iOS. AirPort Utility for Mac is a free download from https://support.apple.com/downloads/ and AirPort Utility for iOS is a free download from the App Store. Those vulnerabilities applies to both the access point (implemented in hostapd) and the station (implemented in wpa_supplicant). An attacker exploiting the vulnerabilities could force the vulnerable system to reuse cryptographic session keys, enabling a range of cryptographic attacks against the ciphers used in WPA1 and WPA2. For the stable distribution (stretch), these problems have been fixed in version 2:2.4-1+deb9u1. For the testing distribution (buster), these problems have been fixed in version 2:2.4-1.1. For the unstable distribution (sid), these problems have been fixed in version 2:2.4-1.1. We recommend that you upgrade your wpa packages. * CVE-2017-13080 CVE Revision Information: ===================== CVE-2017-13080 - Title: CVE-2017-13080 | Windows Wireless WPA Group Key Reinstallation Vulnerability - https://portal.msrc.microsoft.com/en-us/security-guidance - Reason for Revision: CVE-2017-13080 has been added to the October 2017 security release in lieu of ADV170016, which has been deprecated. CVE-2017-13080 was released as part of a multi-vendor coordinated disclosure. Please see the FAQ for more information. - Originally posted: October 16, 2017 - Updated: N/A - CVE Severity Rating: Important - Version: 1.0 Other Information ================= Recognize and avoid fraudulent email to Microsoft customers: ============================================================= If you receive an email message that claims to be distributing a Microsoft security update, it is a hoax that may contain malware or pointers to malicious websites. Microsoft does not distribute security updates via email. The Microsoft Security Response Center (MSRC) uses PGP to digitally sign all security notifications. However, PGP is not required for reading security notifications, reading security bulletins, or installing security updates. You can obtain the MSRC public PGP key at . ******************************************************************** THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. ******************************************************************** Microsoft respects your privacy. Please read our online Privacy Statement at . If you would prefer not to receive future technical security notification alerts by email from Microsoft and its family of companies please visit the following website to unsubscribe: . These settings will not affect any newsletters youave requested or any mandatory service communications that are considered part of certain Microsoft services. For legal Information, see: . This newsletter was sent by: Microsoft Corporation 1 Microsoft Way Redmond, Washington, USA 98052 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 10.2.0 (Build 1950) - not licensed for commercial use: www.pgp.com Charset: utf-8 wsFVAwUBWeTb2vsCXwi14Wq8AQimsw//UE92KMajVPARF4zMmfyQnbypCJhwOhsG n7uhJwIF8STYnUDQPfjDPGzmJSDIiQTg3PeewAzg+Ib3GZCsPdUQHMEl/DfGLFWy k814Bh158GDGvWIwDYkIgn1cRrdFP63gVg13ImvgCA2i8KOg9gy1LcnJ1tkIuHAJ bv22fe3zT9PgfLArRpm/nb3qMRnx/VRkTeS80y/RW2a2tkPSzyqLBRgZEP7t+RxJ M4G7cFRS0xpLrPE7PYn8f+tdjA04dWPO77eLOG+gDSpK5mFc8ccdjW2VoKJlRT0I i2HESEZipsuVDd4X3lkl5BigtxdKFTNDIFhE/m3pybDTbjClhjSHF+SR7T8yCOO8 fiXm1Nt0201321dhlNrtxGFV5+Q1lixO0+X7XDGCiZFTECs18vpGrDNZGQGqJ7Hj gmdSCNnfW7tashCXAIUtvoHTzK6v0hLh4ufelvdNgw8+qLUB6Z9RmrHzCHRm/i2p IuCtzp4GlPE0cBz3kUPmS0VYrYddEPS/n/vffeQpfAbbFENclTrEwTTxEYkP/vC0 qh2DNFCKnpvs8EUz/dtAdBuDaF3zuENMf/LJJf1EKOnp06b0JsRYDplKKgICgxrF kpFoAwAE14+KYcEUQhP6/jvDJXmWfMRk60Bsbs0qsfTAsFL7O9z0NrjI5xZEjF3j OYE0vOnWj3g= =2086 -----END PGP SIGNATURE----- . ========================================================================== Kernel Live Patch Security Notice LSN-0036-1 April 2, 2018 linux vulnerability ========================================================================== A security issue affects these releases of Ubuntu: | Series | Base kernel | Arch | flavors | |------------------+--------------+----------+------------------| | Ubuntu 16.04 LTS | 4.4.0 | amd64 | generic | | Ubuntu 16.04 LTS | 4.4.0 | amd64 | lowlatency | | Ubuntu 14.04 LTS | 4.4.0 | amd64 | generic | | Ubuntu 14.04 LTS | 4.4.0 | amd64 | lowlatency | Summary: Several security issues were fixed in the kernel. (CVE-2017-13080) Jann Horn discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16995) Update instructions: The problem can be corrected by updating your livepatches to the following versions: | Kernel | Version | flavors | |-----------------+----------+--------------------------| | 4.4.0-116.140 | 33.2 | generic, lowlatency | | lts-4.4.0-116.140_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency | Additionally, you should install an updated kernel with these fixes and reboot at your convienience. References: CVE-2017-13080, CVE-2017-16995 -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: wpa_supplicant security update Advisory ID: RHSA-2017:2911-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2017:2911 Issue date: 2017-10-18 CVE Names: CVE-2017-13077 CVE-2017-13078 CVE-2017-13080 CVE-2017-13087 ===================================================================== 1. Summary: An update for wpa_supplicant is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 3. Description: The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13087) Red Hat would like to thank CERT for reporting these issues. Upstream acknowledges Mathy Vanhoef (University of Leuven) as the original reporter of these issues. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: wpa_supplicant-0.7.3-9.el6_9.2.src.rpm i386: wpa_supplicant-0.7.3-9.el6_9.2.i686.rpm wpa_supplicant-debuginfo-0.7.3-9.el6_9.2.i686.rpm x86_64: wpa_supplicant-0.7.3-9.el6_9.2.x86_64.rpm wpa_supplicant-debuginfo-0.7.3-9.el6_9.2.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: wpa_supplicant-0.7.3-9.el6_9.2.src.rpm x86_64: wpa_supplicant-0.7.3-9.el6_9.2.x86_64.rpm wpa_supplicant-debuginfo-0.7.3-9.el6_9.2.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: wpa_supplicant-0.7.3-9.el6_9.2.src.rpm i386: wpa_supplicant-0.7.3-9.el6_9.2.i686.rpm wpa_supplicant-debuginfo-0.7.3-9.el6_9.2.i686.rpm ppc64: wpa_supplicant-0.7.3-9.el6_9.2.ppc64.rpm wpa_supplicant-debuginfo-0.7.3-9.el6_9.2.ppc64.rpm s390x: wpa_supplicant-0.7.3-9.el6_9.2.s390x.rpm wpa_supplicant-debuginfo-0.7.3-9.el6_9.2.s390x.rpm x86_64: wpa_supplicant-0.7.3-9.el6_9.2.x86_64.rpm wpa_supplicant-debuginfo-0.7.3-9.el6_9.2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: wpa_supplicant-0.7.3-9.el6_9.2.src.rpm i386: wpa_supplicant-0.7.3-9.el6_9.2.i686.rpm wpa_supplicant-debuginfo-0.7.3-9.el6_9.2.i686.rpm x86_64: wpa_supplicant-0.7.3-9.el6_9.2.x86_64.rpm wpa_supplicant-debuginfo-0.7.3-9.el6_9.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-13077 https://access.redhat.com/security/cve/CVE-2017-13078 https://access.redhat.com/security/cve/CVE-2017-13080 https://access.redhat.com/security/cve/CVE-2017-13087 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/kracks 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFZ532DXlSAg2UNWIIRAmNrAJ457grVhs+YRM14Uj6tqX+h6MUVogCeO1Zt /eWXkX6lTADNbQcG9BzF4m8= =hdov -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-12-6-2 iOS 11.2 iOS 11.2 addresses the following: IOKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with system privileges Description: Multiple memory corruption issues were addressed through improved state management. CVE-2017-13847: Ian Beer of Google Project Zero IOMobileFrameBuffer Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privilege Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13879: Apple IOSurface Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13861: Ian Beer of Google Project Zero Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13862: Apple CVE-2017-13876: Ian Beer of Google Project Zero Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2017-13833: Brandon Azad Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: A type confusion issue was addressed with improved memory handling. CVE-2017-13855: Jann Horn of Google Project Zero Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13867: Ian Beer of Google Project Zero Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2017-13865: Ian Beer of Google Project Zero CVE-2017-13868: Brandon Azad CVE-2017-13869: Jann Horn of Google Project Zero Mail Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Incorrect certificate is used for encryption Description: A S/MIME issue existed in the handling of encrypted email. This issue was addressed through improved selection of the encryption certificate. CVE-2017-13874: an anonymous researcher Mail Drafts Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker with a privileged network position may be able to intercept mail Description: An encryption issue existed with S/MIME credetials. The issue was addressed with additional checks and user control. CVE-2017-13860: Michael Weishaar of INNEO Solutions GmbH Wi-Fi Available for: iPhone 6s, iPhone 6s Plus, iPhone 6, iPhone 6 Plus, iPhone SE, iPhone 5s, 12.9-inch iPad Pro 1st generation, iPad Air 2, iPad Air, iPad 5th generation, iPad mini 4, iPad mini 3, iPad mini 2, and iPod touch 6th generation Released for iPhone 7 and later and iPad Pro 9.7-inch (early 2016) and later in iOS 11.1. This was addressed with improved state management. CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "11.2". Alternatively, on your watch, select "My Watch > General > About". Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/wpa_supplicant-2.6-i586-1_slack14.2.txz: Upgraded. This update includes patches to mitigate the WPA2 protocol issues known as "KRACK" (Key Reinstallation AttaCK), which may be used to decrypt data, hijack TCP connections, and to forge and inject packets. CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it. For more information, see: https://www.krackattacks.com/ https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13084 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/wpa_supplicant-2.6-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/wpa_supplicant-2.6-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/wpa_supplicant-2.6-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/wpa_supplicant-2.6-x86_64-1_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/wpa_supplicant-2.6-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/wpa_supplicant-2.6-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/wpa_supplicant-2.6-i586-2.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/wpa_supplicant-2.6-x86_64-2.txz MD5 signatures: +-------------+ Slackware 14.0 package: d8ecfaadb50b3547967ab53733ffc019 wpa_supplicant-2.6-i486-1_slack14.0.txz Slackware x86_64 14.0 package: f25216d28800504ce498705da7c9a825 wpa_supplicant-2.6-x86_64-1_slack14.0.txz Slackware 14.1 package: 15c61050e4bab2581757befd86be74c0 wpa_supplicant-2.6-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 49fd537a520338744f7757615556d352 wpa_supplicant-2.6-x86_64-1_slack14.1.txz Slackware 14.2 package: c5539f40c8510af89be92945f0f80185 wpa_supplicant-2.6-i586-1_slack14.2.txz Slackware x86_64 14.2 package: 4c527ff84fcdfd7839f217bbce2e4ae4 wpa_supplicant-2.6-x86_64-1_slack14.2.txz Slackware -current package: 28bd88a54e96368f7a7020c1f5fb67fe n/wpa_supplicant-2.6-i586-2.txz Slackware x86_64 -current package: 464fc6b48d1ac077f47e9a3a8534c160 n/wpa_supplicant-2.6-x86_64-2.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg wpa_supplicant-2.6-i586-1_slack14.2.txz +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address

PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored Cross-Site Scripting on all group names created, related to incorrect error handling for an HTML encoded script. PRTG Network Monitor Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. PaesslerPRTGNetworkMonitor is a network monitoring software from Paessler, Germany. The software provides usage monitoring, packet sniffing, in-depth analysis, and concise reporting. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML

/bin/login.php in the Web Panel on the Airtame HDMI dongle with firmware before 3.0 allows an attacker to set his own session id via a "Cookie: PHPSESSID=" header. This can be used to achieve persistent access to the admin panel even after an admin password change. AIRTAME HDMI Dongle firmware contains a session fixation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. AIRTAMEHDMIdongle is a wireless access point product for connecting, sharing and split-screen TVs or monitors. There is a security vulnerability in the /bin/login.php file of WebPanel in AirtameHDMIdongle with firmware version 3.0

A Cross-Site Scripting (XSS) vulnerability in Fortinet FortiWLC 6.1-x (6.1-2, 6.1-4 and 6.1-5); 7.0-x (7.0-7, 7.0-8, 7.0-9, 7.0-10); and 8.x (8.0, 8.1, 8.2 and 8.3.0-8.3.2) allows an authenticated user to inject arbitrary web script or HTML via non-sanitized parameters "refresh" and "branchtotable" present in HTTP POST requests. Fortinet FortiWLC Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. FortinetFortiWLC is a network management device. Fortinet FortiWLC is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. The following versions are vulnerable: FortiWLC 6.1-2, 6.1-4 and 6.1-5 FortiWLC 7.0-7, 7.0-8, 7.0-9, 7.0-10 FortiWLC 8.0, 8.1, 8.2 and 8.3.0 through 8.3.2. Fortinet FortiWLC is a wireless LAN controller from Fortinet. The following versions are affected: Fortinet FortiWLC Version 6.1-2, Version 6.1-4, Version 6.1-5, Version 7.0-7, Version 7.0-8, Version 7.0-9, Version 7.0-10, Version 8.0, Version 8.1, Version 8.2 , version 8.3.0-8.3.2

Any Juniper Networks SRX series device with one or more ALGs enabled may experience a flowd crash when traffic is processed by the Sun/MS-RPC ALGs. This vulnerability in the Sun/MS-RPC ALG services component of Junos OS allows an attacker to cause a repeated denial of service against the target. Repeated traffic in a cluster may cause repeated flip-flop failure operations or full failure to the flowd daemon halting traffic on all nodes. Only IPv6 traffic is affected by this issue. IPv4 traffic is unaffected. This issues is not seen with to-host traffic. This issue has no relation with HA services themselves, only the ALG service. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D55 on SRX; 12.1X47 prior to 12.1X47-D45 on SRX; 12.3X48 prior to 12.3X48-D32, 12.3X48-D35 on SRX; 15.1X49 prior to 15.1X49-D60 on SRX. Juniper Networks Junos OS Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. JunosOS is a set of operating systems running on it. Sun/MS-RPCALGservicescomponent is one of the Sun/MS-RPCALG service components. A security vulnerability exists in the Sun/MS-RPCALG service component of JunosOS in the Juniper SRX family of devices

An Insufficient Session Expiration issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The user's session is available for an extended period beyond the last activity, allowing an attacker to reuse an old session for authorization. The MultiFLEX M10a Controller is a water treatment controller. MultiFLEX M10a Controller is prone to the following multiple security vulnerabilities: 1. Multiple security-bypass vulnerabilities 2. An information-disclosure vulnerability 3. A cross-site request-forgery vulnerability Exploiting these issues may allow a remote attacker to perform certain administrative actions, bypass certain security restrictions, gaining unauthorized access to the affected device and obtaining sensitive information; other attacks are also possible. Web interface is one of the web management interfaces

Cross-site scripting (XSS) vulnerability in the Wireless MAC Filtering page in TP-LINK TL-MR3220 wireless routers allows remote attackers to inject arbitrary web script or HTML via the Description field. TP-LINK TL-MR3220 Wireless routers contain a cross-site scripting vulnerability.Information may be obtained and information may be altered. TP-LINKTL-MR3220wirelessrouters is a wireless router product from China Unicom (TP-LINK)

An Unverified Password Change issue was discovered in ProMinent MultiFLEX M10a Controller web interface. When setting a new password for a user, the application does not require the user to know the original password. An attacker who is authenticated could change a user's password, enabling future access and possible configuration changes. The MultiFLEX M10a Controller is a water treatment controller. MultiFLEX M10a Controller is prone to the following multiple security vulnerabilities: 1. Multiple security-bypass vulnerabilities 2. An information-disclosure vulnerability 3. A cross-site request-forgery vulnerability Exploiting these issues may allow a remote attacker to perform certain administrative actions, bypass certain security restrictions, gaining unauthorized access to the affected device and obtaining sensitive information; other attacks are also possible. Web interface is one of the web management interfaces

An Information Exposure issue was discovered in ProMinent MultiFLEX M10a Controller web interface. When an authenticated user uses the Change Password feature on the application, the current password for the user is specified in plaintext. This may allow an attacker who has been authenticated to gain access to the password. The MultiFLEX M10a Controller is a water treatment controller. MultiFLEX M10a Controller is prone to the following multiple security vulnerabilities: 1. Multiple security-bypass vulnerabilities 2. An information-disclosure vulnerability 3. A cross-site request-forgery vulnerability Exploiting these issues may allow a remote attacker to perform certain administrative actions, bypass certain security restrictions, gaining unauthorized access to the affected device and obtaining sensitive information; other attacks are also possible. Web interface is one of the web management interfaces

A Cross-Site Request Forgery issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The application does not sufficiently verify requests, making it susceptible to cross-site request forgery. This may allow an attacker to execute unauthorized code, resulting in changes to the configuration of the device. The MultiFLEX M10a Controller is a water treatment controller. MultiFLEX M10a Controller is prone to the following multiple security vulnerabilities: 1. Multiple security-bypass vulnerabilities 2. An information-disclosure vulnerability 3. A cross-site request-forgery vulnerability Exploiting these issues may allow a remote attacker to perform certain administrative actions, bypass certain security restrictions, gaining unauthorized access to the affected device and obtaining sensitive information; other attacks are also possible. Web interface is one of the web management interfaces

A Client-Side Enforcement of Server-Side Security issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The log out function in the application removes the user's session only on the client side. This may allow an attacker to bypass protection mechanisms, gain privileges, or assume the identity of an authenticated user. ProMinent MultiFLEX M10a Controller of Web The interface contains vulnerabilities related to authorization, authority, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The MultiFLEX M10a Controller is a water treatment controller. MultiFLEX M10a Controller is prone to the following multiple security vulnerabilities: 1. Multiple security-bypass vulnerabilities 2. An information-disclosure vulnerability 3. A cross-site request-forgery vulnerability Exploiting these issues may allow a remote attacker to perform certain administrative actions, bypass certain security restrictions, gaining unauthorized access to the affected device and obtaining sensitive information; other attacks are also possible. Web interface is one of the web management interfaces

Version 4.40 of the TPM (Trusted Platform Module) firmware on Juniper Networks SRX300 Series has a weakness in generating cryptographic keys that may allow an attacker to decrypt sensitive information in SRX300 Series products. The TPM is used in the SRX300 Series to encrypt sensitive configuration data. While other products also ship with a TPM, no other products or platforms are affected by this vulnerability. Customers can confirm the version of TPM firmware via the 'show security tpm status' command. This issue was discovered by an external security researcher. No other Juniper Networks products or platforms are affected by this issue. TrustedPlatformModule (TPM) is one of the test platform modules. An attacker could exploit the vulnerability to decrypt sensitive information

A reflected Cross-Site Scripting (XSS) vulnerability in Fortinet FortiMail 5.1 and earlier, 5.2.0 through 5.2.9, and 5.3.0 through 5.3.9 customized pre-authentication webmail login page allows attacker to inject arbitrary web script or HTML via crafted HTTP requests. Fortinet FortiMail Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Fortinet FortiMail is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Fortinet FortiMail 5.1 and prior, 5.2.0 through 5.2.9 and 5.3.0 through 5.3.9 are vulnerable. Fortinet FortiMail is an email information security device from Fortinet, which provides information filtering engine, anti-spam and threat defense functions. Filter user-submitted input

A denial of service vulnerability in telnetd service on Juniper Networks Junos OS allows remote unauthenticated attackers to cause a denial of service. Affected Junos OS releases are: 12.1X46 prior to 12.1X46-D71; 12.3X48 prior to 12.3X48-D50; 14.1 prior to 14.1R8-S5, 14.1R9; 14.1X53 prior to 14.1X53-D50; 14.2 prior to 14.2R7-S9, 14.2R8; 15.1 prior to 15.1F2-S16, 15.1F5-S7, 15.1F6-S6, 15.1R5-S2, 15.1R6; 15.1X49 prior to 15.1X49-D90; 15.1X53 prior to 15.1X53-D47; 16.1 prior to 16.1R4-S1, 16.1R5; 16.2 prior to 16.2R1-S3, 16.2R2;. Juniper Networks Junos OS Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Juniper Junos OS is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware systems. The operating system provides a secure programming interface and Junos SDK. The following releases are affected: Juniper Junos OS Release 12.1X46, Release 12.3X48, Release 14.1, Release 14.1X53, Release 14.2, Release 15.1, Release 15.1X49, Release 15.1X53, Release 16.1, Release 16.2

Juniper Networks Junos OS on SRX series devices do not verify the HTTPS server certificate before downloading anti-virus updates. This may allow a man-in-the-middle attacker to inject bogus signatures to cause service disruptions or make the device not detect certain types of attacks. Affected Junos OS releases are: 12.1X46 prior to 12.1X46-D71; 12.3X48 prior to 12.3X48-D55; 15.1X49 prior to 15.1X49-D110;. Juniper SRX series device is a series of firewall products of Juniper Networks (Juniper Networks). Junos OS is a set of operating systems running on it