CVE-2017-13088 in Ubuntu

CVE-2017-13088

Priority

High

Description

Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows
reinstallation of the Integrity Group Temporal Key (IGTK) when processing a
Wireless Network Management (WNM) Sleep Mode Response frame, allowing an
attacker within radio range to replay frames from access points to clients.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088
https://www.krackattacks.com/
https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
https://usn.ubuntu.com/usn/usn-3455-1

Assigned-to

mdeslaur

Package

Source: wpa (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	released (2.1-0ubuntu1.5)
Ubuntu 16.04 LTS (Xenial Xerus):	released (2.4-0ubuntu6.2)
Ubuntu 17.04 (Zesty Zapus):	released (2.4-0ubuntu9.1)
Ubuntu 17.10 (Artful Aardvark):	released (2.4-0ubuntu10)

More Information

Mitre
NVD
Launchpad
Debian

Updated: 2017-12-15 20:35:42 UTC (commit 13913)