ID

VAR-201710-0207

CVE

CVE-2017-13080

TITLE

Wi-Fi Protected Access (WPA) handshake traffic can be manipulated to induce nonce and session key reuse

DESCRIPTION

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients. An attacker within range of an affected AP and client may leverage these vulnerabilities to conduct attacks that are dependent on the data confidentiality protocols being used. Attacks may include arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast and group-addressed frames. These vulnerabilities are referred to as Key Reinstallation Attacks or "KRACK" attacks. WPA (Wi-Fi Protected Access) is a system that protects wireless computer networks (Wi-Fi). The GTK group key reloading vulnerability exists in the WPA2 wireless network. CVE-2017-13804: @qwertyoruiopz at KJC Research Intl. S.R.L. Alternatively, on your watch, select "My Watch > General > About". AirPort Utility for Mac is a free download from https://support.apple.com/downloads/ and AirPort Utility for iOS is a free download from the App Store. Those vulnerabilities applies to both the access point (implemented in hostapd) and the station (implemented in wpa_supplicant). An attacker exploiting the vulnerabilities could force the vulnerable system to reuse cryptographic session keys, enabling a range of cryptographic attacks against the ciphers used in WPA1 and WPA2. For the stable distribution (stretch), these problems have been fixed in version 2:2.4-1+deb9u1. For the testing distribution (buster), these problems have been fixed in version 2:2.4-1.1. For the unstable distribution (sid), these problems have been fixed in version 2:2.4-1.1. We recommend that you upgrade your wpa packages. * ADV170018 CVE Revision Information: ===================== CVE-2017-13080 - Title: ADV170018 | October 2017 Flash Update - https://portal.msrc.microsoft.com/en-us/security-guidance - Reason for Revision: The October Adobe Flash Security Update is available for installation. See https://support.microsoft.com/ en-us/help/4049179 for more information. - Originally posted: October 17, 2017 - Updated: N/A - CVE Severity Rating: Critical - Version: 1.0 Other Information ================= Recognize and avoid fraudulent email to Microsoft customers: ============================================================= If you receive an email message that claims to be distributing a Microsoft security update, it is a hoax that may contain malware or pointers to malicious websites. Microsoft does not distribute security updates via email. The Microsoft Security Response Center (MSRC) uses PGP to digitally sign all security notifications. However, PGP is not required for reading security notifications, reading security bulletins, or installing security updates. You can obtain the MSRC public PGP key at <https://technet.microsoft.com/security/dn753714>. ******************************************************************** THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. ******************************************************************** Microsoft respects your privacy. Please read our online Privacy Statement at <http://go.microsoft.com/fwlink/?LinkId=81184>. If you would prefer not to receive future technical security notification alerts by email from Microsoft and its family of companies please visit the following website to unsubscribe: <https://profile.microsoft.com/RegSysProfileCenter/subscriptionwizar d.aspx?wizid=5a2a311b-5189-4c9b-9f1a-d5e913a26c2e&%3blcid=1033>. These settings will not affect any newsletters youave requested or any mandatory service communications that are considered part of certain Microsoft services. For legal Information, see: <http://www.microsoft.com/info/legalinfo/default.mspx>. This newsletter was sent by: Microsoft Corporation 1 Microsoft Way Redmond, Washington, USA 98052 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 10.2.0 (Build 1950) - not licensed for commercial use: www.pgp.com Charset: utf-8 wsFVAwUBWeY7FvsCXwi14Wq8AQibMw/9HB/Dclpw74jADq8uMxo5mm+ZFGZ9gXqW pTdHL3HrzNqzsM/7oq1sYdzVqN2j35pXMpPmJnjt9ewhma0G+IKwwtu7efFelhUd bEB8o5KLREJJLnDVHWAfAEVvFqx15E7hbQdjQdwvK+fT26W7QwyyUnQt9akTR9bS v3B/GKLuacopPD7G/+v3g2N51NBbp1STidNTbOqbExK/UDqZBbkLs4XoC6FORXMY kdUzSuWPuDVQneqOpQlC9O2M7+f6qWWdVG67F44tD6e575eToCf0LVjsLIPEMx06 iuK0alu4HnUi3mwTpruwkrFANJlL0y6o6uwfBt/QQ/RQoe6EeBmQOvFB6jTa8fQ7 ydHIMTKgxCJQMzUGrrkr0F+M0S0yZkW5Pq90eZxLtvxAypJSbPlH3ET4h4hIeuqv 38eOg5Pb5FkBdaMaP0VqeI/k/Ur5TRHvLSBWp5jgZi6CMKb8srfTmR53vs5Igtgb Tsh10G0bXAExWWE/pqmQs+rW03/ElM5JoH8/wS9tG4M3UNvsnR2CUz2KbIvQcJFt DG34sh3Z5HztbGmkWUxWwORcUrvW0U6DnP1U4D6uSmcSZrO5dwIHTIA4kECw7Ret SjhMDbo9s2Y75VBb1ilIbQY3AnzT2q2j6t3kJnyh3IjmMP96bhmdF1FF4apToAUv TVE4JSTK9HY= =G8zY -----END PGP SIGNATURE----- . Software Description: - linux-firmware: Firmware for Linux kernel drivers Details: Mathy Vanhoef discovered that the firmware for several Intel WLAN devices incorrectly handled WPA2 in relation to Wake on WLAN. ========================================================================== Kernel Live Patch Security Notice LSN-0036-1 April 2, 2018 linux vulnerability ========================================================================== A security issue affects these releases of Ubuntu: | Series | Base kernel | Arch | flavors | |------------------+--------------+----------+------------------| | Ubuntu 16.04 LTS | 4.4.0 | amd64 | generic | | Ubuntu 16.04 LTS | 4.4.0 | amd64 | lowlatency | | Ubuntu 14.04 LTS | 4.4.0 | amd64 | generic | | Ubuntu 14.04 LTS | 4.4.0 | amd64 | lowlatency | Summary: Several security issues were fixed in the kernel. (CVE-2017-13080) Jann Horn discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16995) Update instructions: The problem can be corrected by updating your livepatches to the following versions: | Kernel | Version | flavors | |-----------------+----------+--------------------------| | 4.4.0-116.140 | 33.2 | generic, lowlatency | | lts-4.4.0-116.140_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency | Additionally, you should install an updated kernel with these fixes and reboot at your convienience. References: CVE-2017-13080, CVE-2017-16995 -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: wpa_supplicant security update Advisory ID: RHSA-2017:2911-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2017:2911 Issue date: 2017-10-18 CVE Names: CVE-2017-13077 CVE-2017-13078 CVE-2017-13080 CVE-2017-13087 ===================================================================== 1. Summary: An update for wpa_supplicant is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 3. Description: The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13087) Red Hat would like to thank CERT for reporting these issues. Upstream acknowledges Mathy Vanhoef (University of Leuven) as the original reporter of these issues. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: wpa_supplicant-0.7.3-9.el6_9.2.src.rpm i386: wpa_supplicant-0.7.3-9.el6_9.2.i686.rpm wpa_supplicant-debuginfo-0.7.3-9.el6_9.2.i686.rpm x86_64: wpa_supplicant-0.7.3-9.el6_9.2.x86_64.rpm wpa_supplicant-debuginfo-0.7.3-9.el6_9.2.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: wpa_supplicant-0.7.3-9.el6_9.2.src.rpm x86_64: wpa_supplicant-0.7.3-9.el6_9.2.x86_64.rpm wpa_supplicant-debuginfo-0.7.3-9.el6_9.2.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: wpa_supplicant-0.7.3-9.el6_9.2.src.rpm i386: wpa_supplicant-0.7.3-9.el6_9.2.i686.rpm wpa_supplicant-debuginfo-0.7.3-9.el6_9.2.i686.rpm ppc64: wpa_supplicant-0.7.3-9.el6_9.2.ppc64.rpm wpa_supplicant-debuginfo-0.7.3-9.el6_9.2.ppc64.rpm s390x: wpa_supplicant-0.7.3-9.el6_9.2.s390x.rpm wpa_supplicant-debuginfo-0.7.3-9.el6_9.2.s390x.rpm x86_64: wpa_supplicant-0.7.3-9.el6_9.2.x86_64.rpm wpa_supplicant-debuginfo-0.7.3-9.el6_9.2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: wpa_supplicant-0.7.3-9.el6_9.2.src.rpm i386: wpa_supplicant-0.7.3-9.el6_9.2.i686.rpm wpa_supplicant-debuginfo-0.7.3-9.el6_9.2.i686.rpm x86_64: wpa_supplicant-0.7.3-9.el6_9.2.x86_64.rpm wpa_supplicant-debuginfo-0.7.3-9.el6_9.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-13077 https://access.redhat.com/security/cve/CVE-2017-13078 https://access.redhat.com/security/cve/CVE-2017-13080 https://access.redhat.com/security/cve/CVE-2017-13087 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/kracks 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFZ532DXlSAg2UNWIIRAmNrAJ457grVhs+YRM14Uj6tqX+h6MUVogCeO1Zt /eWXkX6lTADNbQcG9BzF4m8= =hdov -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-12-6-2 iOS 11.2 iOS 11.2 addresses the following: IOKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with system privileges Description: Multiple memory corruption issues were addressed through improved state management. CVE-2017-13847: Ian Beer of Google Project Zero IOMobileFrameBuffer Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privilege Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13879: Apple IOSurface Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13861: Ian Beer of Google Project Zero Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13862: Apple CVE-2017-13876: Ian Beer of Google Project Zero Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2017-13833: Brandon Azad Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: A type confusion issue was addressed with improved memory handling. CVE-2017-13855: Jann Horn of Google Project Zero Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13867: Ian Beer of Google Project Zero Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2017-13865: Ian Beer of Google Project Zero CVE-2017-13868: Brandon Azad CVE-2017-13869: Jann Horn of Google Project Zero Mail Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Incorrect certificate is used for encryption Description: A S/MIME issue existed in the handling of encrypted email. This issue was addressed through improved selection of the encryption certificate. CVE-2017-13874: an anonymous researcher Mail Drafts Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker with a privileged network position may be able to intercept mail Description: An encryption issue existed with S/MIME credetials. The issue was addressed with additional checks and user control. CVE-2017-13860: Michael Weishaar of INNEO Solutions GmbH Wi-Fi Available for: iPhone 6s, iPhone 6s Plus, iPhone 6, iPhone 6 Plus, iPhone SE, iPhone 5s, 12.9-inch iPad Pro 1st generation, iPad Air 2, iPad Air, iPad 5th generation, iPad mini 4, iPad mini 3, iPad mini 2, and iPod touch 6th generation Released for iPhone 7 and later and iPad Pro 9.7-inch (early 2016) and later in iOS 11.1. This was addressed with improved state management. CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "11.2"

IOT TAXONOMY

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote or local

TYPE

security feature problem

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Apple

SOURCES

LAST UPDATE DATE

2025-02-20T21:23:32.821000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE