Vulnerability CVE-2017-13080: Information

Description

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.

Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2017-13080

Published: Oct. 17, 2017

Modified: Nov. 11, 2020

Error type identifier: CWE-330

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
hostapd	sisyphus	2.6-alt2	2.10-alt2	ALT-PU-2017-2440-1	190880	Fixed
hostapd	p10	2.6-alt2	2.10-alt2	ALT-PU-2017-2440-1	190880	Fixed
hostapd	p9	2.6-alt2	2.9-alt2	ALT-PU-2017-2440-1	190880	Fixed
hostapd	c10f1	2.6-alt2	2.10-alt2	ALT-PU-2017-2440-1	190880	Fixed
hostapd	c9f2	2.6-alt2	2.10-alt2	ALT-PU-2017-2440-1	190880	Fixed
kernel-image-std-def	sisyphus	4.9.63-alt1	6.1.91-alt1	ALT-PU-2017-2664-1	194882	Fixed
kernel-image-std-def	p10	4.9.63-alt1	5.10.216-alt1	ALT-PU-2017-2664-1	194882	Fixed
kernel-image-std-def	p9	4.9.63-alt1	5.4.275-alt1	ALT-PU-2017-2664-1	194882	Fixed
kernel-image-std-def	p8	4.9.63-alt0.M80P.1	4.9.337-alt0.M80P.1	ALT-PU-2017-2673-1	194888	Fixed
kernel-image-std-def	c9f2	4.9.63-alt1	5.10.214-alt0.c9f.2	ALT-PU-2017-2664-1	194882	Fixed
kernel-image-std-def	c7	4.4.103-alt0.M70C.1.1	4.4.277-alt0.M70C.1	ALT-PU-2017-2742-1	195827	Fixed
kernel-image-std-pae	p8	4.4.99-alt0.M80P.1	4.4.159-alt0.M80P.1	ALT-PU-2017-2675-1	194889	Fixed
kernel-image-std-pae	c9f2	4.4.99-alt1	4.19.72-alt1	ALT-PU-2017-2667-1	194887	Fixed
kernel-image-un-def	sisyphus	4.13.14-alt1	6.6.31-alt1	ALT-PU-2017-2665-1	194883	Fixed
kernel-image-un-def	p10	4.13.14-alt1	6.1.85-alt1	ALT-PU-2017-2665-1	194883	Fixed
kernel-image-un-def	p9	4.13.14-alt1	5.10.216-alt2	ALT-PU-2017-2665-1	194883	Fixed
kernel-image-un-def	p8	4.13.14-alt0.M80P.1	4.19.310-alt0.M80P.1	ALT-PU-2017-2678-1	194895	Fixed
kernel-image-un-def	c10f1	4.13.14-alt1	6.1.85-alt0.c10f.1	ALT-PU-2017-2665-1	194883	Fixed
kernel-image-un-def	c9f2	4.13.14-alt1	5.10.29-alt2	ALT-PU-2017-2665-1	194883	Fixed
kernel-image-un-def	c7	4.9.66-alt0.M70C.1.1	4.9.277-alt0.M70C.1	ALT-PU-2017-2746-1	195825	Fixed
wpa_supplicant	sisyphus	2.6-alt2	2.10-alt2	ALT-PU-2017-2441-1	190880	Fixed
wpa_supplicant	p10	2.6-alt2	2.10-alt2	ALT-PU-2017-2441-1	190880	Fixed
wpa_supplicant	p9	2.6-alt2	2.9-alt4	ALT-PU-2017-2441-1	190880	Fixed
wpa_supplicant	p8	2.6-alt1.M80P.1	2.6-alt1.M80P.1	ALT-PU-2017-2455-1	190972	Fixed
wpa_supplicant	c10f1	2.6-alt2	2.10-alt2	ALT-PU-2017-2441-1	190880	Fixed
wpa_supplicant	c9f2	2.6-alt2	2.10-alt2	ALT-PU-2017-2441-1	190880	Fixed
wpa_supplicant	c7	2.6-alt1.M70C.1	2.6-alt1.M70C.1	ALT-PU-2017-2445-1	190889	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://www.krackattacks.com/	Technical Description Third Party Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080	Vendor Advisory
VU#228519	Third Party Advisory US Government Resource
1039585	Third Party Advisory VDB Entry
1039581	Third Party Advisory VDB Entry
1039578	Third Party Advisory VDB Entry
1039577	Third Party Advisory VDB Entry
1039576	Third Party Advisory VDB Entry
1039573	Third Party Advisory VDB Entry
1039572	Third Party Advisory VDB Entry
101274	Third Party Advisory VDB Entry
https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt	Third Party Advisory
20171016 Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II	Third Party Advisory
https://support.lenovo.com/us/en/product_security/LEN-17420	Third Party Advisory
FreeBSD-SA-17:07	Third Party Advisory
https://access.redhat.com/security/vulnerabilities/kracks	Third Party Advisory
RHSA-2017:2911	Third Party Advisory
RHSA-2017:2907	Third Party Advisory
USN-3455-1	Third Party Advisory
DSA-3999	Third Party Advisory
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt	Third Party Advisory
openSUSE-SU-2017:2755	Third Party Advisory
SUSE-SU-2017:2752	Third Party Advisory
SUSE-SU-2017:2745	Third Party Advisory
1039703
GLSA-201711-03
https://support.apple.com/HT208222
https://support.apple.com/HT208221
https://support.apple.com/HT208220
https://support.apple.com/HT208219
https://source.android.com/security/bulletin/2017-11-01
https://support.apple.com/HT208334
https://support.apple.com/HT208327
https://support.apple.com/HT208325
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03792en_us
https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf
https://cert.vde.com/en-us/advisories/vde-2017-005
https://cert.vde.com/en-us/advisories/vde-2017-003
[debian-lts-announce] 20181113 [SECURITY] [DLA 1573-1] firmware-nonfree security update
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00402.html

Affected configurations:
1. Configuration 1
  cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*
  cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*
  cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
  cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server:7:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_desktop:7:*:*:*:*:*:*:*
  cpe:2.3:o:freebsd:freebsd:11:*:*:*:*:*:*:*
  cpe:2.3:o:freebsd:freebsd:11.1:*:*:*:*:*:*:*
  cpe:2.3:o:freebsd:freebsd:10:*:*:*:*:*:*:*
  cpe:2.3:o:freebsd:freebsd:10.4:*:*:*:*:*:*:*
  
  Configuration 2
  cpe:2.3:a:w1.fi:hostapd:1.1:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:hostapd:2.4:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:hostapd:2.0:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:hostapd:0.7.3:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:2.3:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:2.1:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:2.2:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:hostapd:1.0:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:1.0:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:2.4:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:hostapd:2.3:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:hostapd:2.5:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:0.7.3:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:1.1:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:hostapd:2.2:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:hostapd:2.1:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:2.0:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:hostapd:2.6:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:hostapd:0.6.10:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:hostapd:0.6.9:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:hostapd:0.6.8:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:hostapd:0.5.11:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:hostapd:0.5.10:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:hostapd:0.5.9:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:hostapd:0.5.8:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:hostapd:0.5.7:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:hostapd:0.4.11:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:hostapd:0.4.10:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:hostapd:0.4.9:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:hostapd:0.4.8:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:hostapd:0.4.7:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:hostapd:0.3.11:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:hostapd:0.3.10:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:hostapd:0.3.9:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:hostapd:0.3.7:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:hostapd:0.2.8:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:hostapd:0.2.6:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:hostapd:0.2.5:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:hostapd:0.2.4:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:2.6:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:2.5:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:0.6.10:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:0.6.9:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:0.6.8:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:0.5.11:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:0.5.10:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:0.5.9:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:0.5.8:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:0.5.7:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:0.4.11:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:0.4.10:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:0.4.9:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:0.4.8:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:0.4.7:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:0.3.11:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:0.3.10:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:0.3.9:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:0.3.8:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:0.3.7:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:0.2.8:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:0.2.7:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:0.2.6:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:0.2.5:*:*:*:*:*:*:*
  cpe:2.3:a:w1.fi:wpa_supplicant:0.2.4:*:*:*:*:*:*:*
  
  Configuration 3
  cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*
  cpe:2.3:o:suse:linux_enterprise_desktop:12:sp2:*:*:*:*:*:*
  cpe:2.3:o:suse:openstack_cloud:6:*:*:*:*:*:*:*
  cpe:2.3:o:suse:linux_enterprise_desktop:12:sp3:*:*:*:*:*:*
  cpe:2.3:o:suse:linux_enterprise_server:12:*:*:*:ltss:*:*:*
  cpe:2.3:o:suse:linux_enterprise_point_of_sale:11:sp3:*:*:*:*:*:*
  cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:ltss:*:*

Version: v24.5.1

Vulnerability CVE-2017-13080: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1

Configuration 2

Configuration 3