漏洞信息详情
WPA和WPA2 安全特征问题漏洞
- CNNVD编号:CNNVD-201710-381
- 危害等级: 中危
- CVE编号: CVE-2017-13078
- 漏洞类型: 安全特征问题
- 发布时间: 2017-10-17
- 威胁类型: 远程或本地
- 更新时间: 2020-11-23
- 厂 商: w1.fi
- 漏洞来源: Mathy Vanhoef from...
漏洞简介
WPA和WPA2都是美国Wi-Fi联盟(Wi-Fi Alliance)的一套Wi-Fi访问保护方案,包括安全协议和安全认证程序。
多个厂商提供的WiFi产品中的WPA和WPA2存在安全漏洞。攻击者可利用该漏洞在四次握手中重新安装组密钥(GTK)。以下产商提供的产品受到影响:Aruba Networks;Cisco;Espressif Systems;Fortinet, Inc.;FreeBSD Project;Google;HostAP;Intel Corporation;Juniper Networks;Microchip Technology;Microsoft Corporation;OpenBSD;Peplink;Red Hat, Inc;Samsung Mobile。更多详情请查看参考链接。
漏洞公告
目前厂商已发布升级补丁以修复漏洞,补丁获取链接:
https://www.wi-fi.org/security-update-october-2017
参考网址
来源:CONFIRM
链接:https://support.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/HT208220
来源:CONFIRM
链接:https://support.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/HT208222
来源:CONFIRM
链接:https://support.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/HT208221
来源:BID
链接:https://www.securityfocus.com/bid/101274
来源:CONFIRM
链接:http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
来源:DEBIAN
链接:https://www.debian.org/security/2017/dsa-3999
来源:GENTOO
链接:https://security.gentoo.org/glsa/201711-03
来源:REDHAT
链接:https://access.redhat.com/errata/RHSA-2017:2907
来源:SUSE
链接:http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.HTML
来源:SECTRACK
链接:http://www.securitytracker.com/id/1039581
来源:CONFIRM
链接:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.HTML
来源:MLIST
链接:https://lists.debian.org/debian-lts-announce/2018/11/msg00015.HTML
来源:CONFIRM
链接:https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf
来源:CERT-VN
链接:http://www.kb.cert.org/vuls/id/228519
来源:CONFIRM
链接:https://support.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/HT208219
来源:SECTRACK
链接:http://www.securitytracker.com/id/1039585
来源:CONFIRM
链接:https://source.CMS.zone.ci/e/tags/htag.php?tag=Android target=_blank class=infotextkey>Android.com/security/bulletin/2017-11-01
来源:CONFIRM
链接:https://support.lenovo.com/us/en/product_security/LEN-17420
来源:CONFIRM
链接:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.HTML
来源:REDHAT
链接:https://access.redhat.com/errata/RHSA-2017:2911
来源:UBUNTU
链接:http://www.ubuntu.com/usn/USN-3455-1
来源:CISCO
链接:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
来源:MISC
链接:https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
来源:CONFIRM
链接:https://cert.vde.com/en-us/advisories/vde-2017-003
来源:MISC
链接:https://www.krackattacks.com/
来源:SUSE
链接:http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.HTML
来源:CONFIRM
链接:https://cert.vde.com/en-us/advisories/vde-2017-005
来源:FREEBSD
链接:https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc
来源:CONFIRM
链接:https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03792en_us
来源:CONFIRM
链接:https://access.redhat.com/security/vulnerabilities/kracks
来源:SECTRACK
链接:http://www.securitytracker.com/id/1039577
来源:SECTRACK
链接:http://www.securitytracker.com/id/1039578
来源:SECTRACK
链接:http://www.securitytracker.com/id/1039576
来源:SUSE
链接:http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.HTML
来源:SECTRACK
链接:http://www.securitytracker.com/id/1039573
来源:www.securityfocus.com
链接:http://www.securityfocus.com/bid/101274
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.4125/
受影响实体
- W1.Fi Hostapd:0.5.8
- W1.Fi Hostapd:0.5.9
- W1.Fi Hostapd:0.5.10
- W1.Fi Hostapd:0.5.11
- W1.Fi Hostapd:0.6.8
补丁
- 多款WiFi产品WPA2 安全漏洞的修复措施
评论