[PLUG] WPA2 vulnerability

David Bridges dbridges at austin.rr.com
Mon Oct 16 20:03:57 UTC 2017


Using Debian (sid) here, wpasupplicant was upgraded this morning and
from the changelog it appears that it addresses the vulnerabilities. 


wpa (2:2.4-1.1) unstable; urgency=high

  * Non-maintainer upload by the Security Team.
  * Fix multiple issues in WPA protocol (CVE-2017-13077, CVE-2017-13078,
    CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082,
    CVE-2017-13086, CVE-2017-13087, CVE-2017-13088):
    - hostapd: Avoid key reinstallation in FT handshake
    - Prevent reinstallation of an already in-use group key
    - Extend protection of GTK/IGTK reinstallation of
    - Fix TK configuration to the driver in EAPOL-Key 3/4
    - Prevent installation of an all-zero TK
    - Fix PTK rekeying to generate a new ANonce
    - TDLS: Reject TPK-TK reconfiguration
    - WNM: Ignore WNM-Sleep Mode Response if WNM-Sleep Mode
    - WNM: Ignore WNM-Sleep Mode Response without pending
    - FT: Do not allow multiple Reassociation Response frames
    - TDLS: Ignore incoming TDLS Setup Response retries


On Mon, 2017-10-16 at 12:07 -0700, Dick Steffens wrote:
> Have people looked into this:
> 
> https://apnews.com/743db922a4d2473a8745ce54c134c33a/Researchers-discover-vulnerability-affecting-Wi-Fi-security
> 
> If so, how have you handled it?
> 
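
An added example, not part of the original message or of the Debian package: a Python check that a changelog names every CVE listed in the wpa 2:2.4-1.1 entry quoted in this thread, tolerating IDs that mail or terminal wrapping has split after a hyphen. The function names and sample texts are constructed for illustration.

```python
import re
import sys

# CVE IDs named in the wpa 2:2.4-1.1 changelog entry quoted in this thread.
REQUIRED = {f"CVE-2017-{n}" for n in
            (13077, 13078, 13079, 13080, 13081, 13082, 13086, 13087, 13088)}

# Tolerates a line wrap (plus indentation or "> " quote markers) after
# either hyphen of the ID, which a plain CVE-\d+-\d+ pattern would miss.
CVE_RE = re.compile(r"CVE-[>\s]*(\d{4})-[>\s]*(\d{4,})")

def cves_in(text):
    """Return the set of CVE IDs in text, rejoining hyphen-wrapped IDs."""
    return {f"CVE-{year}-{num}" for year, num in CVE_RE.findall(text)}

def naive_cves(text):
    """Single-line match, shown only to contrast with cves_in()."""
    return set(re.findall(r"CVE-\d{4}-\d{4,}", text))

def missing_fixes(changelog, required=REQUIRED):
    """Return the required CVE IDs the changelog does not mention, sorted."""
    return sorted(set(required) - cves_in(changelog))

# Constructed sample: header and CVE lines of the quoted entry, as wrapped by mail.
SAMPLE_WRAPPED = """\
wpa (2:2.4-1.1) unstable; urgency=high
  * Fix multiple issues in WPA protocol (CVE-2017-13077, CVE-2017-
13078,
    CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082,
    CVE-2017-13086, CVE-2017-13087, CVE-2017-13088):
"""

# Constructed sample: a placeholder entry that mentions none of the CVEs.
SAMPLE_OLD = """\
wpa (0:0.0-0) unstable; urgency=low
  * Placeholder entry with no security fixes.
"""

if __name__ == "__main__":
    # Reads a changelog on stdin; exit status 1 if any listed CVE is absent.
    missing = missing_fixes(sys.stdin.read())
    for cve in missing:
        print(f"not mentioned: {cve}")
    sys.exit(1 if missing else 0)
```

On Debian the installed package's changelog can be piped in from `zcat /usr/share/doc/wpasupplicant/changelog.Debian.gz`. A match only shows that the entry names the CVE, so the installed version should still be compared against the fixed one.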


