Debian LTS: DLA-1150-1 Critical: WPA Replay Attack Security Update
debian lts
October 31, 2017
A vulnerability was found in how WPA code can be triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by replaying a specific frame that is used to manage the keys
Topics Covered
Summary
CVE-2017-13077
Reinstallation of the pairwise encryption key (PTK-TK) in the
4-way handshake.
CVE-2017-13078
Reinstallation of the group key (GTK) in the 4-way handshake.
CVE-2017-13079
Reinstallation of the integrity group key (IGTK) in the 4-way
handshake.
CVE-2017-13080
Reinstallation of the group key (GTK) in the group key handshake.
CVE-2017-13081
Reinstallation of the integrity group key (IGTK) in the group key
handshake.
CVE-2017-13082
Accepting a retransmitted Fast BSS Transition (FT) Reassociation
Request and reinstalling the pairwise encryption key (PTK-TK)
while processing it.
CVE-2017-13084
Reinstallation of the STK key in the PeerKey handshake.
CVE-2017-13086
reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey
(TPK) key in the TDLS handshake.
CVE-2017-13087
reinstallation of the group key (GTK) when processing a Wireless
Network Management (WNM) Sleep Mode Response frame.
CVE-2017-13088
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
<pre><font face="Courier">Package: wpa
Version: 1.0-3+deb7u5
CVE ID: CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!