Vulnerabilities > CVE-2017-13080 - Use of Insufficiently Random Values vulnerability in multiple products

047910
CVSS 5.3 - MEDIUM
Attack vector
ADJACENT_NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
HIGH
Availability impact
NONE

Summary

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.

Vulnerable Configurations

Part Description Count
OS
Debian
2
OS
Freebsd
5
OS
Canonical
3
OS
Opensuse
2
OS
Redhat
2
OS
Suse
7
Application
W1.Fi
64

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Brute Force
    In this attack, some asset (information, functionality, identity, etc.) is protected by a finite secret value. The attacker attempts to gain access to this asset by using trial-and-error to exhaustively explore all the possible secret values in the hope of finding the secret (or a value that is functionally equivalent) that will unlock the asset. Examples of secrets can include, but are not limited to, passwords, encryption keys, database lookup keys, and initial values to one-way functions. The key factor in this attack is the attackers' ability to explore the possible secret space rapidly. This, in turn, is a function of the size of the secret space and the computational power the attacker is able to bring to bear on the problem. If the attacker has modest resources and the secret space is large, the challenge facing the attacker is intractable. While the defender cannot control the resources available to an attacker, they can control the size of the secret space. Creating a large secret space involves selecting one's secret from as large a field of equally likely alternative secrets as possible and ensuring that an attacker is unable to reduce the size of this field using available clues or cryptanalysis. Doing this is more difficult than it sounds since elimination of patterns (which, in turn, would provide an attacker clues that would help them reduce the space of potential secrets) is difficult to do using deterministic machines, such as computers. Assuming a finite secret space, a brute force attack will eventually succeed. The defender must rely on making sure that the time and resources necessary to do so will exceed the value of the information. For example, a secret space that will likely take hundreds of years to explore is likely safe from raw-brute force attacks.
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
  • Session Credential Falsification through Prediction
    This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.

Nessus

  • NASL familyWindows
    NASL idINTEL_SA_00101_WLAN.NASL
    descriptionThe Intel wireless network adapter driver installed on the remote host is affected by multiple vulnerabilities in the WPA2 protocol. Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-05-31
    modified2017-10-17
    plugin id103870
    published2017-10-17
    reporterThis script is Copyright (C) 2007-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103870
    titleIntel Wireless Driver Wi-Fi Protected Access II (WPA2) Multiple Vulnerabilities (KRACK)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include('compat.inc');
    
    if (description)
    {
      script_id(103870);
      script_version("1.12");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/29");
    
      script_cve_id("CVE-2017-13080", "CVE-2017-13081");
      script_bugtraq_id(101274);
      script_xref(name:"CERT", value:"228519");
      script_xref(name:"IAVA", value:"2017-A-0310");
    
      script_name(english:"Intel Wireless Driver Wi-Fi Protected Access II (WPA2) Multiple Vulnerabilities (KRACK)");
    
      script_set_attribute(attribute:"synopsis", value:
    "A wireless network adapter driver on the remote host is affected by multiple protocol vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The Intel wireless network adapter driver installed on the remote host is affected by multiple vulnerabilities in the
    WPA2 protocol.
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      # https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00101.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9bb24c68");
      script_set_attribute(attribute:"see_also", value:"https://www.krackattacks.com/");
      script_set_attribute(attribute:"solution", value:"Update your network adapter driver as per the advisory.");
      script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-13080");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_set_attribute(attribute:"in_the_news", value:"true");
    
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/10/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/10/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/10/17");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"stig_severity", value:"II");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:intel:dual_band_wireless-ac_3160");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:intel:dual_band_wireless-ac_3160");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:intel:dual_band_wireless-ac_3165");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:intel:dual_band_wireless-ac_3165");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:intel:dual_band_wireless-ac_3168");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:intel:dual_band_wireless-ac_3168");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:intel:dual_band_wireless-ac_7260");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:intel:dual_band_wireless-ac_7260");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:intel:dual_band_wireless-ac_7265");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:intel:dual_band_wireless-ac_7265");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:intel:dual_band_wireless-ac_8260");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:intel:dual_band_wireless-ac_8260");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:intel:dual_band_wireless-ac_8265");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:intel:dual_band_wireless-ac_8265");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:intel:dual_band_wireless-ac_9260");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:intel:dual_band_wireless-ac_9260");
    
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2007-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("smb_enum_network_adapters.nasl");
      script_require_keys("SMB/Registry/Enumerated");
      exit(0);
    }
    
    include('audit.inc');
    include('global_settings.inc');
    include('misc_func.inc');
    
    get_kb_item_or_exit('SMB/Registry/Enumerated');
    
    adapters = get_kb_list('SMB/Registry/HKLM/SYSTEM/CurrentControlSet/Control/Class/{4d36e972-e325-11ce-bfc1-08002be10318}/*/DriverDesc');
    
    if (max_index(keys(adapters)) == 0)
      audit(AUDIT_HOST_NOT, 'affected');
    
    report = '';
    foreach desc_kb (keys(adapters))
    {
      desc = get_kb_item(desc_kb);
      version_kb = desc_kb - '/DriverDesc' + '/DriverVersion';
      version = get_kb_item(version_kb);
      fixed = NULL;
    
      # Intel(r) Dual Band Wireless-AC 3160 18.x.x.x < 18.33.9.3
      if (desc == 'Intel(R) Dual Band Wireless-AC 3160')
      {
        if (version =~ "^18\.")
          fixed = "18.33.9.3";
      }
      # Intel(r) Dual Band Wireless-AC 3165 19.10.x.x < 19.10.9.2, 19.51.x.x < 19.51.7.2
      else if (desc == 'Intel(R) Dual Band Wireless-AC 3165')
      {
        if (version =~ "^19\.10\.")
          fixed = '19.10.9.2';
        else if (version =~ "^19\.51\.")
          fixed = '19.51.7.2';
      }
      # Intel(r) Dual Band Wireless-AC 3168 19.10.x.x < 19.10.9.2, 19.51.x.x < 19.51.7.2
      else if (desc == 'Intel(R) Dual Band Wireless-AC 3168')
      {
        if (version =~ "^19\.10\.")
          fixed = '19.10.9.2';
        else if (version =~ "^19\.51\.")
          fixed = '19.51.7.2';
      }
      # Intel(r) Dual Band Wireless-AC 7260 18.x.x.x < 18.33.9.3
      else if (desc == 'Intel(R) Dual Band Wireless-AC 7260')
      {
        if (version =~ "^18\.")
          fixed = '18.33.9.3';
      }
      # Intel(r) Dual Band Wireless-AC 7265 19.10.x.x < 19.10.9.2, 19.51.x.x < 19.51.7.2
      else if (desc == 'Intel(R) Dual Band Wireless-AC 7265')
      {
        if (version =~ "^19\.10\.")
          fixed = '19.10.9.2';
        else if (version =~ "^19\.51\.")
          fixed = '19.51.7.2';
      }
      # Intel(r) Dual Band Wireless-AC 8260/8265/9260 20.x.x.x < 20.0.2.3
      else if (desc =~ "^Intel\(R\) Dual Band Wireless-AC (8260|8265|9260)$")
      {
        if (version =~ "^20\.")
          fixed = '20.0.2.3';
      }
    
      if (!isnull(fixed) && ver_compare(ver:version, fix:fixed, strict:FALSE) < 0)
      {
        report += 'Network Adapter Driver Description       : ' + desc + '\n';
        report += 'Network Adapter Driver Installed Version : ' + version + '\n';
        report += 'Network Adapter Driver Fixed Version     : ' + fixed + '\n';
        report += '\n';
      }
    }
    
    if (empty_or_null(report))
      audit(AUDIT_HOST_NOT, 'affected');
    
    port = get_kb_item('SMB/transport');
    if (!port) port = 445;
    
    security_report_v4(port:port, severity:SECURITY_NOTE, extra:report);
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-3153-1.NASL
    descriptionThis update for the Linux Kernel 3.12.74-60_64_45 fixes several issues. The following security issues were fixed : - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392) - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id104960
    published2017-12-01
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104960
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:3153-1) (KRACK)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2017:3153-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(104960);
      script_version("3.10");
      script_cvs_date("Date: 2019/09/11 11:22:16");
    
      script_cve_id("CVE-2017-13080", "CVE-2017-15649", "CVE-2017-6346");
      script_xref(name:"IAVA", value:"2017-A-0310");
    
      script_name(english:"SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3153-1) (KRACK)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for the Linux Kernel 3.12.74-60_64_45 fixes several
    issues. The following security issues were fixed :
    
      - CVE-2017-15649: net/packet/af_packet.c in the Linux
        kernel allowed local users to gain privileges via
        crafted system calls that trigger mishandling of
        packet_fanout data structures, because of a race
        condition (involving fanout_add and packet_do_bind) that
        leads to a use-after-free, a different vulnerability
        than CVE-2017-6346 (bsc#1064392)
    
      - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2)
        allowed reinstallation of the Group Temporal Key (GTK)
        during the group key handshake, allowing an attacker
        within radio range to replay frames from access points
        to clients (bsc#1063671, bsc#1066472, bsc#1066471)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1063671"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1064392"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1066471"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1066472"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-13080/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-15649/"
      );
      # https://www.suse.com/support/update/announcement/2017/suse-su-20173153-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?bc1672f2"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch
    SUSE-SLE-SAP-12-SP1-2017-1955=1
    
    SUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch
    SUSE-SLE-SERVER-12-SP1-2017-1955=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_45-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_45-xen");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/03/01");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/11/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/01");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_set_attribute(attribute:"stig_severity", value:"II");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    if (cpu >!< "x86_64") audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP1", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kgraft-patch-3_12_74-60_64_45-default-6-2.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kgraft-patch-3_12_74-60_64_45-xen-6-2.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2017-1242.NASL
    descriptionAccording to the versions of the wpa_supplicant package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088) - Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.(CVE-2017-13079) - Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.(CVE-2017-13081) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2017-11-16
    plugin id104577
    published2017-11-16
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104577
    titleEulerOS 2.0 SP2 : wpa_supplicant (EulerOS-SA-2017-1242)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0120_WPA_SUPPLICANT.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.05, has wpa_supplicant packages installed that are affected by multiple vulnerabilities: - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a Wireless Network Management (WNM) Sleep Mode handshake. (CVE-2017-13087) - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a group key handshake. (CVE-2017-13080) - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a 4-way handshake. (CVE-2017-13078) - A new exploitation technique called key reinstallation attacks (KRACKs) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used pairwise key (PTK-TK) during a 4-way handshake. (CVE-2017-13077) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id127365
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127365
    titleNewStart CGSL MAIN 4.05 : wpa_supplicant Multiple Vulnerabilities (NS-SA-2019-0120)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2847-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.92 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-1000252: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c (bnc#1058038). - CVE-2017-11472: The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel did not flush the operand cache and causes a kernel stack dump, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table (bnc#1049580). - CVE-2017-12134: The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation (bnc#1051790 bsc#1053919). - CVE-2017-12153: A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel This function did not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAP_NET_ADMIN capability and may result in a NULL pointer dereference and system crash (bnc#1058410). - CVE-2017-12154: The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel did not ensure that the
    last seen2020-06-01
    modified2020-06-02
    plugin id104171
    published2017-10-26
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104171
    titleSUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:2847-1) (KRACK)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-3146-1.NASL
    descriptionThis update for the Linux Kernel 3.12.61-52_77 fixes several issues. The following security issues were fixed : - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392) - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id104953
    published2017-12-01
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104953
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:3146-1) (KRACK)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-3158-1.NASL
    descriptionThis update for the Linux Kernel 3.12.74-60_64_60 fixes several issues. The following security issues were fixed : - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392) - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id104964
    published2017-12-01
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104964
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:3158-1) (KRACK)
  • NASL familyWindows : Microsoft Bulletins
    NASL idSMB_NT_MS17_OCT_4041689.NASL
    descriptionThe remote Windows host is missing security update 4041689. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2017-11765, CVE-2017-11814) - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-11762, CVE-2017-11763) - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-11783) - A remote code execution vulnerability exists in Windows Domain Name System (DNS) DNSAPI.dll when it fails to properly handle DNS responses. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. (CVE-2017-11779) - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11802, CVE-2017-11804, CVE-2017-11808, CVE-2017-11811, CVE-2017-11812) - A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (CVE-2017-8717, CVE-2017-8718) - A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integrity policy on the local machine. (CVE-2017-11823, CVE-2017-8715) - An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. (CVE-2017-11817) - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11793, CVE-2017-11810) - An Information disclosure vulnerability exists when Windows Search improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-11772) - An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2017-11824) - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory via the Microsoft Windows Text Services Framework. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8727) - An Security Feature bypass vulnerability exists in Microsoft Windows storage when it fails to validate an integrity-level check. An attacker who successfully exploited the vulnerability could allow an application with a certain integrity level to execute code at a different integrity level. The update addresses the vulnerability by correcting how Microsoft storage validates an integrity-level check. (CVE-2017-11818) - A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-11771) - An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests. An authenticated attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. (CVE-2017-11815) - A denial of service vulnerability exists in the Microsoft Server Block Message (SMB) when an attacker sends specially crafted requests to the server. An attacker who exploited this vulnerability could cause the affected system to crash. To attempt to exploit this issue, an attacker would need to send specially crafted SMB requests to the target system. Note that the denial of service vulnerability would not allow an attacker to execute code or to elevate their user rights, but it could cause the affected system to stop accepting requests. The security update addresses the vulnerability by correcting the manner in which SMB handles specially crafted client requests. (CVE-2017-11781) - An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8689, CVE-2017-8694) - A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server. (CVE-2017-11780) - An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-8693) - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2017-11816) - A remote code execution vulnerability exists in the way the scripting engine handle objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11809) - An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. (CVE-2017-11785) - A remote code execution vulnerability exists in the way that certain Windows components handle the loading of DLL files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-11769) - A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8726) - An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-11790) - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11822) - A spoofing vulnerability exists in the Windows implementation of wireless networking. An attacker who successfully exploited this vulnerability could potentially replay broadcast and/or multicast traffic to hosts on a WPA or WPA 2-protected wireless network. (CVE-2017-13080)
    last seen2020-06-01
    modified2020-06-02
    plugin id103747
    published2017-10-10
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103747
    titleKB4041689: Windows 10 Version 1511 October 2017 Cumulative Update (KRACK)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-0040-1.NASL
    descriptionThe SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. This update adds mitigations for various side channel attacks against modern CPUs that could disclose content of otherwise unreadable memory (bnc#1068032). - CVE-2017-5753: Local attackers on systems with modern CPUs featuring deep instruction pipelining could use attacker controllable speculative execution over code patterns in the Linux Kernel to leak content from otherwise not readable memory in the same address space, allowing retrieval of passwords, cryptographic keys and other secrets. This problem is mitigated by adding speculative fencing on affected code paths throughout the Linux kernel. - CVE-2017-5715: Local attackers on systems with modern CPUs featuring branch prediction could use mispredicted branches to speculatively execute code patterns that in turn could be made to leak other non-readable content in the same address space, an attack similar to CVE-2017-5753. This problem is mitigated by disabling predictive branches, depending on CPU architecture either by firmware updates and/or fixes in the user-kernel privilege boundaries. Please contact your CPU / hardware vendor for potential microcode or BIOS updates needed for this fix. As this feature can have a performance impact, it can be disabled using the
    last seen2020-06-05
    modified2018-01-09
    plugin id105685
    published2018-01-09
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105685
    titleSUSE SLES11 Security Update : kernel (SUSE-SU-2018:0040-1) (BlueBorne) (KRACK) (Meltdown) (Spectre)
  • NASL familyWindows : Microsoft Bulletins
    NASL idSMB_NT_MS17_OCT_4041690.NASL
    descriptionThe remote Windows host is missing security update 4041679 or cumulative update 4041690. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory via the Microsoft Windows Text Services Framework. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8727) - A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-11771) - An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2017-11824) - An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8694) - A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (CVE-2017-8717, CVE-2017-8718) - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2017-11816) - An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests. An authenticated attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. (CVE-2017-11815) - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2017-11765, CVE-2017-11814) - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11793, CVE-2017-11810) - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-11762, CVE-2017-11763) - An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-11790) - An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. (CVE-2017-11817) - A denial of service vulnerability exists in the Microsoft Server Block Message (SMB) when an attacker sends specially crafted requests to the server. An attacker who exploited this vulnerability could cause the affected system to crash. To attempt to exploit this issue, an attacker would need to send specially crafted SMB requests to the target system. Note that the denial of service vulnerability would not allow an attacker to execute code or to elevate their user rights, but it could cause the affected system to stop accepting requests. The security update addresses the vulnerability by correcting the manner in which SMB handles specially crafted client requests. (CVE-2017-11781) - An Information disclosure vulnerability exists when Windows Search improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-11772) - A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server. (CVE-2017-11780) - A remote code execution vulnerability exists in Windows Domain Name System (DNS) DNSAPI.dll when it fails to properly handle DNS responses. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. (CVE-2017-11779) - An Security Feature bypass vulnerability exists in Microsoft Windows storage when it fails to validate an integrity-level check. An attacker who successfully exploited the vulnerability could allow an application with a certain integrity level to execute code at a different integrity level. The update addresses the vulnerability by correcting how Microsoft storage validates an integrity-level check. (CVE-2017-11818) - An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. (CVE-2017-11784, CVE-2017-11785) - A spoofing vulnerability exists in the Windows implementation of wireless networking. An attacker who successfully exploited this vulnerability could potentially replay broadcast and/or multicast traffic to hosts on a WPA or WPA 2-protected wireless network. (CVE-2017-13080)
    last seen2020-06-01
    modified2020-06-02
    plugin id103748
    published2017-10-10
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103748
    titleWindows Server 2012 October 2017 Security Updates (KRACK)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-3152-1.NASL
    descriptionThis update for the Linux Kernel 3.12.74-60_64_51 fixes several issues. The following security issues were fixed : - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392) - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id104959
    published2017-12-01
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104959
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:3152-1) (KRACK)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-60BFB576B7.NASL
    descriptionFix the for the Key Reinstallation Attacks ========================================== - hostapd: Avoid key reinstallation in FT handshake (CVE-2017-13082) - Fix PTK rekeying to generate a new ANonce - Prevent reinstallation of an already in-use group key and extend protection of GTK/IGTK reinstallation of WNM-Sleep Mode cases (CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13087, CVE-2017-13088) - Prevent installation of an all-zero TK - TDLS: Reject TPK-TK reconfiguration - WNM: Ignore WNM-Sleep Mode Response without pending request - FT: Do not allow multiple Reassociation Response frames Upstream advisory: https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-me ssages.txt Details and the paper: https://www.krackattacks.com/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-10-18
    plugin id103896
    published2017-10-18
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103896
    titleFedora 26 : 1:wpa_supplicant (2017-60bfb576b7) (KRACK)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-3127-1.NASL
    descriptionThis update for the Linux Kernel 3.12.69-60_64_35 fixes several issues. The following security issues were fixed : - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392) - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id104877
    published2017-11-30
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104877
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:3127-1) (KRACK)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-3131-1.NASL
    descriptionThis update for the Linux Kernel 3.12.69-60_64_29 fixes several issues. The following security issues were fixed : - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392) - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id104879
    published2017-11-30
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104879
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:3131-1) (KRACK)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1414.NASL
    descriptionAccording to the versions of the wpa_supplicant package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information.(CVE-2018-14526) - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used pairwise key (PTK-TK) by retransmitting Fast BSS Transition (FT) Reassociation Requests.(CVE-2017-13082) - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a group key handshake.(CVE-2017-13080) - Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.(CVE-2017-13081) - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used Tunneled Direct-Link Setup (TDLS) Peerkey (TPK) key during a TDLS handshake.(CVE-2017-13086) - Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.(CVE-2017-13079) - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a 4-way handshake.(CVE-2017-13078) - A new exploitation technique called key reinstallation attacks (KRACKs) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used pairwise key (PTK-TK) during a 4-way handshake.(CVE-2017-13077) - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used integrity group key (IGTK) during a Wireless Network Management (WNM) Sleep Mode handshake.(CVE-2017-13088) - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a Wireless Network Management (WNM) Sleep Mode handshake.(CVE-2017-13087) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id124917
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124917
    titleEulerOS Virtualization for ARM 64 3.0.1.0 : wpa_supplicant (EulerOS-SA-2019-1414)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-1163.NASL
    descriptionThis update for wpa_supplicant fixes the security issues : - Several vulnerabilities in standard conforming implementations of the WPA2 protocol have been discovered and published under the code name KRACK. This update remedies those issues in a backwards compatible manner, i.e. the updated wpa_supplicant can interface properly with both vulnerable and patched implementations of WPA2, but an attacker won
    last seen2020-06-05
    modified2017-10-23
    plugin id104076
    published2017-10-23
    reporterThis script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/104076
    titleopenSUSE Security Update : wpa_supplicant (openSUSE-2017-1163) (KRACK)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2017-004.NASL
    descriptionThe remote host is running Mac OS X 10.11.6 or Mac OS X 10.12.6 and is missing a security update. It is therefore, affected by multiple vulnerabilities affecting the following components : - 802.1X - apache - AppleScript - ATS - Audio - CFString - CoreText - curl - Dictionary Widget - file - Fonts - fsck_msdos - HFS - Heimdal - HelpViewer - ImageIO - Kernel - libarchive - Open Scripting Architecture - PCRE - Postfix - Quick Look - QuickTime - Remote Management - Sandbox - StreamingZip - tcpdump - Wi-Fi
    last seen2020-06-01
    modified2020-06-02
    plugin id104379
    published2017-11-03
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104379
    titlemacOS and Mac OS X Multiple Vulnerabilities (Security Update 2017-001 and 2017-004)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-3265-1.NASL
    descriptionThe SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-16649: The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel allowed local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1067085). - CVE-2017-16535: The usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066700). - CVE-2017-15102: The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel allowed local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer dereference (bnc#1066705). - CVE-2017-16531: drivers/usb/core/config.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor (bnc#1066671). - CVE-2017-16529: The snd_usb_create_streams function in sound/usb/card.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066650). - CVE-2017-16525: The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel allowed local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup (bnc#1066618). - CVE-2017-16537: The imon_probe function in drivers/media/rc/imon.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066573). - CVE-2017-16536: The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066606). - CVE-2017-16527: sound/usb/mixer.c in the Linux kernel allowed local users to cause a denial of service (snd_usb_mixer_interrupt use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066625). - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bnc#1063667). - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192 (bnc#1045327). - CVE-2017-15265: Race condition in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c (bnc#1062520). - CVE-2017-14489: The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel allowed local users to cause a denial of service (panic) by leveraging incorrect length validation (bnc#1059051). - CVE-2017-14340: The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux kernel did not verify that a filesystem has a realtime device, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via vectors related to setting an RHINHERIT flag on a directory (bnc#1058524). - CVE-2017-14140: The move_pages system call in mm/migrate.c in the Linux kernel doesn
    last seen2020-06-01
    modified2020-06-02
    plugin id105172
    published2017-12-12
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105172
    titleSUSE SLES11 Security Update : kernel (SUSE-SU-2017:3265-1) (KRACK)
  • NASL familyVirtuozzo Local Security Checks
    NASL idVIRTUOZZO_VZLSA-2017-2911.NASL
    descriptionAn update for wpa_supplicant is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. Security Fix(es) : * A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13087) Red Hat would like to thank CERT for reporting these issues. Upstream acknowledges Mathy Vanhoef (University of Leuven) as the original reporter of these issues. Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id119233
    published2018-11-27
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119233
    titleVirtuozzo 6 : wpa_supplicant (VZLSA-2017-2911)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-3151-1.NASL
    descriptionThis update for the Linux Kernel 3.12.60-52_63 fixes several issues. The following security issues were fixed : - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392) - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id104958
    published2017-12-01
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104958
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:3151-1) (KRACK)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-2907.NASL
    descriptionAn update for wpa_supplicant is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. Security Fix(es) : * A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088) Red Hat would like to thank CERT for reporting these issues. Upstream acknowledges Mathy Vanhoef (University of Leuven) as the original reporter of these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id103916
    published2017-10-18
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103916
    titleRHEL 7 : wpa_supplicant (RHSA-2017:2907) (KRACK)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3505-1.NASL
    descriptionMathy Vanhoef discovered that the firmware for several Intel WLAN devices incorrectly handled WPA2 in relation to Wake on WLAN. A remote attacker could use this issue with key reinstallation attacks to obtain sensitive information. (CVE-2017-13080, CVE-2017-13081). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id105038
    published2017-12-06
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105038
    titleUbuntu 14.04 LTS / 16.04 LTS / 17.04 / 17.10 : linux-firmware vulnerabilities (USN-3505-1) (KRACK)
  • NASL familyFirewalls
    NASL idPFSENSE_2_3_5.NASL
    descriptionAccording to its self-reported version number, the remote pfSense install is affected by multiple vulnerabilities as stated in the referenced vendor advisories.
    last seen2020-05-09
    modified2018-04-13
    plugin id109037
    published2018-04-13
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109037
    titlepfSense < 2.3.5 Multiple Vulnerabilities (KRACK)
  • NASL familyMisc.
    NASL idMIKROTIK_KRACK.NASL
    descriptionAccording to its self-reported version, the remote networking device is running a version of MikroTik 6.9.X prior to 6.39.3, 6.40.x < 6.40.4, or 6.41rc. It, therefore, vulnerable to multiple vulnerabilities discovered in the WPA2 handshake protocol.
    last seen2020-06-01
    modified2020-06-02
    plugin id103857
    published2017-10-16
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103857
    titleMikroTik RouterOS < 6.39.3 / 6.40.4 / 6.41rc (KRACK)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2017-2907.NASL
    descriptionAn update for wpa_supplicant is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. Security Fix(es) : * A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088) Red Hat would like to thank CERT for reporting these issues. Upstream acknowledges Mathy Vanhoef (University of Leuven) as the original reporter of these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id103881
    published2017-10-18
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103881
    titleCentOS 7 : wpa_supplicant (CESA-2017:2907) (KRACK)
  • NASL familyMisc.
    NASL idUBNT_UNIFI_KRACK.NASL
    descriptionAccording to its self-reported version, the remote networking device is running a version of UniFi OS prior to 3.9.3.7537. It, therefore, vulnerable to multiple vulnerabilities discovered in the WPA2 handshake protocol.
    last seen2020-06-01
    modified2020-06-02
    plugin id103875
    published2017-10-17
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103875
    titleUbiquiti Networks UniFi < 3.9.3.7537 (KRACK)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-3118-1.NASL
    descriptionThis update for the Linux Kernel 3.12.69-60_64_32 fixes several issues. The following security issues were fixed : - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392) - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id104872
    published2017-11-30
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104872
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:3118-1) (KRACK)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-3130-1.NASL
    descriptionThis update for the Linux Kernel 3.12.67-60_64_18 fixes several issues. The following security issues were fixed : - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392) - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id104878
    published2017-11-30
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104878
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:3130-1) (KRACK)
  • NASL familyMisc.
    NASL idAPPLETV_11_1.NASL
    descriptionAccording to its banner, the version of Apple TV on the remote device is prior to 11.1. It is, therefore, affected by multiple vulnerabilities as described in the HT208219 security advisory. Note that only 4th and 5th generation models are affected by these vulnerabilities.
    last seen2020-06-01
    modified2020-06-02
    plugin id104387
    published2017-11-03
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104387
    titleApple TV < 11.1 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-3125-1.NASL
    descriptionThis update for the Linux Kernel 3.12.61-52_86 fixes several issues. The following security issues were fixed : - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392) - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id104876
    published2017-11-30
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104876
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:3125-1) (KRACK)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1150.NASL
    descriptionA vulnerability was found in how WPA code can be triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by replaying a specific frame that is used to manage the keys. Such reinstallation of the encryption key can result in two different types of vulnerabilities: disabling replay protection and significantly reducing the security of encryption to the point of allowing frames to be decrypted or some parts of the keys to be determined by an attacker depending on which cipher is used. Those issues are commonly known under the
    last seen2020-03-17
    modified2017-11-01
    plugin id104299
    published2017-11-01
    reporterThis script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/104299
    titleDebian DLA-1150-1 : wpa security update (KRACK)
  • NASL familyFirewalls
    NASL idJUNIPER_JSA10827_KRACK.NASL
    descriptionThe version of Juniper Junos OS installed on the remote host is affected by multiple vulnerabilities related to the KRACK attacks. This may allow an attacker to decrypt, replay, and forge some frames on a WPA2 encrypted network. Note that Juniper
    last seen2020-06-10
    modified2018-01-08
    plugin id105653
    published2018-01-08
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105653
    titleJunos OS 12.1X46 SRX 210, 240, 650 series firewalls (KRACK)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2017-2911.NASL
    descriptionAn update for wpa_supplicant is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. Security Fix(es) : * A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13087) Red Hat would like to thank CERT for reporting these issues. Upstream acknowledges Mathy Vanhoef (University of Leuven) as the original reporter of these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id103946
    published2017-10-19
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103946
    titleCentOS 6 : wpa_supplicant (CESA-2017:2911) (KRACK)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20171018_WPA_SUPPLICANT_ON_SL6_X.NASL
    descriptionSecurity Fix(es): * A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13087)
    last seen2020-03-18
    modified2017-10-19
    plugin id103959
    published2017-10-19
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103959
    titleScientific Linux Security Update : wpa_supplicant on SL6.x i386/x86_64 (20171018) (KRACK)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-3132-1.NASL
    descriptionThis update for the Linux Kernel 3.12.61-52_92 fixes several issues. The following security issues were fixed : - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392) - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id104880
    published2017-11-30
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104880
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:3132-1) (KRACK)
  • NASL familyFirewalls
    NASL idSCREENOS_JSA10827_KRACK.NASL
    descriptionThe version of Juniper ScreenOS installed on the remote host is affected by multiple vulnerabilities related to the KRACK attacks. This may allow an attacker to decrypt, replay, and forge some frames on a WPA2 encrypted network. Note that Juniper
    last seen2020-06-01
    modified2020-06-02
    plugin id105654
    published2018-01-08
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105654
    titleJuniper ScreenOS 6.3 SSG-5 and SSG-20 (KRACK)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-3147-1.NASL
    descriptionThis update for the Linux Kernel 3.12.67-60_64_24 fixes several issues. The following security issues were fixed : - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392) - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id104954
    published2017-12-01
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104954
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:3147-1) (KRACK)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-3103-1.NASL
    descriptionThis update for the Linux Kernel 3.12.61-52_80 fixes several issues. The following security issues were fixed : - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392) - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id104805
    published2017-11-28
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104805
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:3103-1) (KRACK)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_D670A953B2A111E7A633009C02A2AB30.NASL
    descriptionwpa_supplicant developers report : A vulnerability was found in how a number of implementations can be triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by replaying a specific frame that is used to manage the keys.
    last seen2020-06-01
    modified2020-06-02
    plugin id103862
    published2017-10-17
    reporterThis script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103862
    titleFreeBSD : WPA packet number reuse with replayed messages and key reinstallation (d670a953-b2a1-11e7-a633-009c02a2ab30) (KRACK)
  • NASL familyCISCO
    NASL idCISCO-SA-20171016-WPA-ASA_WITH_FIREPOWER_SERVICES.NASL
    descriptionAccording to its self-reported version, the Cisco ASA with FirePOWER Services is affected by multiple vulnerabilities related to the KRACK attack. Please see the included Cisco BIDs and the Cisco Security Advisory for more information.
    last seen2020-06-01
    modified2020-06-02
    plugin id103856
    published2017-10-16
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103856
    titleCisco ASA FirePOWER Services Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II (KRACK)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-3117-1.NASL
    descriptionThis update for the Linux Kernel 3.12.60-52_60 fixes several issues. The following security issues were fixed : - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392) - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id104871
    published2017-11-30
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104871
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:3117-1) (KRACK)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-2911.NASL
    descriptionFrom Red Hat Security Advisory 2017:2911 : An update for wpa_supplicant is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. Security Fix(es) : * A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13087) Red Hat would like to thank CERT for reporting these issues. Upstream acknowledges Mathy Vanhoef (University of Leuven) as the original reporter of these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id103955
    published2017-10-19
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103955
    titleOracle Linux 6 : wpa_supplicant (ELSA-2017-2911) (KRACK)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOS_10_13_4.NASL
    descriptionThe remote host is running a version of macOS / Mac OS X that is 10.13.x prior to 10.13.4. It is, therefore, affected by multiple vulnerabilities in the following components : - Admin Framework - APFS - ATS - CoreFoundation - CoreText - Disk Images - Disk Management - File System Events - iCloud Drive - Intel Graphics Driver - IOFireWireFamily - Kernel - kext tools - LaunchServices - Mail - Notes - NSURLSession - NVIDIA Graphics Drivers - PDFKit - PluginKit - Quick Look - Security - Storage - System Preferences - Terminal - WindowServer Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id108786
    published2018-04-02
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/108786
    titlemacOS 10.13.x < 10.13.4 Multiple Vulnerabilities
  • NASL familyFirewalls
    NASL idFORTIOS_FG-IR-17-196.NASL
    descriptionThe remote host is running FortiOS prior to 5.2, 5.2.x prior to or equal to 5.2.11, 5.4.x prior to or equal 5.4.5, or 5.6.x prior to or equal to 5.6.2. It is, therefore, affected by multiple vulnerabilities discovered in the WPA2 handshake protocol. Note these issues affect only WiFi model devices in
    last seen2020-06-01
    modified2020-06-02
    plugin id103873
    published2017-10-17
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103873
    titleFortinet FortiGate < 5.2 / 5.2.x <= 5.2.11 / 5.4.x <= 5.4.5 / 5.6.x <= 5.6.2 Multiple Vulnerabilities (FG-IR-17-196) (KRACK)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-3150-1.NASL
    descriptionThis update for the Linux Kernel 3.12.74-60_64_48 fixes several issues. The following security issues were fixed : - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392) - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id104957
    published2017-12-01
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104957
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:3150-1) (KRACK)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-2911.NASL
    descriptionAn update for wpa_supplicant is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. Security Fix(es) : * A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13087) Red Hat would like to thank CERT for reporting these issues. Upstream acknowledges Mathy Vanhoef (University of Leuven) as the original reporter of these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id103958
    published2017-10-19
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103958
    titleRHEL 6 : wpa_supplicant (RHSA-2017:2911) (KRACK)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-1194.NASL
    descriptionThe openSUSE Leap 42.3 kernel was updated to 4.4.92 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bnc#1063667). - CVE-2017-15265: Race condition in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c (bnc#1062520). - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bnc#1064388). The following non-security bugs were fixed : - acpi/processor: Check for duplicate processor ids at hotplug time (bnc#1056230). - acpi/processor: Implement DEVICE operator for processor enumeration (bnc#1056230). - add mainline tags to hyperv patches - alsa: au88x0: avoid theoretical uninitialized access (bnc#1012382). - alsa: compress: Remove unused variable (bnc#1012382). - alsa: usb-audio: Check out-of-bounds access by corrupted buffer descriptor (bnc#1012382). - alsa: usx2y: Suppress kernel warning at page allocation failures (bnc#1012382). - arm64: add function to get a cpu
    last seen2020-06-05
    modified2017-10-26
    plugin id104166
    published2017-10-26
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104166
    titleopenSUSE Security Update : the Linux Kernel (openSUSE-2017-1194) (KRACK)
  • NASL familyWindows : Microsoft Bulletins
    NASL idSMB_NT_MS17_OCT_4041693.NASL
    descriptionThe remote Windows host is missing security update 4041687 or cumulative update 4041693. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory via the Microsoft Windows Text Services Framework. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8727) - A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-11771) - An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2017-11824) - An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8689, CVE-2017-8694) - A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (CVE-2017-8717, CVE-2017-8718) - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2017-11816) - An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests. An authenticated attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. (CVE-2017-11815) - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2017-11765, CVE-2017-11814) - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11793, CVE-2017-11810) - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-11762, CVE-2017-11763) - An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-11790) - An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. (CVE-2017-11817) - A denial of service vulnerability exists in the Microsoft Server Block Message (SMB) when an attacker sends specially crafted requests to the server. An attacker who exploited this vulnerability could cause the affected system to crash. To attempt to exploit this issue, an attacker would need to send specially crafted SMB requests to the target system. Note that the denial of service vulnerability would not allow an attacker to execute code or to elevate their user rights, but it could cause the affected system to stop accepting requests. The security update addresses the vulnerability by correcting the manner in which SMB handles specially crafted client requests. (CVE-2017-11781) - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-11783) - An Information disclosure vulnerability exists when Windows Search improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-11772) - An Security Feature bypass vulnerability exists in Microsoft Windows storage when it fails to validate an integrity-level check. An attacker who successfully exploited the vulnerability could allow an application with a certain integrity level to execute code at a different integrity level. The update addresses the vulnerability by correcting how Microsoft storage validates an integrity-level check. (CVE-2017-11818) - A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server. (CVE-2017-11780) - A remote code execution vulnerability exists in Windows Domain Name System (DNS) DNSAPI.dll when it fails to properly handle DNS responses. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. (CVE-2017-11779) - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11813, CVE-2017-11822) - An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. (CVE-2017-11784, CVE-2017-11785) - A spoofing vulnerability exists in the Windows implementation of wireless networking. An attacker who successfully exploited this vulnerability could potentially replay broadcast and/or multicast traffic to hosts on a WPA or WPA 2-protected wireless network. (CVE-2017-13080)
    last seen2020-06-01
    modified2020-06-02
    plugin id103750
    published2017-10-10
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103750
    titleWindows 8.1 and Windows Server 2012 R2 October 2017 Security Updates (KRACK)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20171018_WPA_SUPPLICANT_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)
    last seen2020-03-18
    modified2017-10-19
    plugin id103960
    published2017-10-19
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103960
    titleScientific Linux Security Update : wpa_supplicant on SL7.x x86_64 (20171018) (KRACK)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-F45E844A85.NASL
    descriptionFix the for the Key Reinstallation Attacks ========================================== - hostapd: Avoid key reinstallation in FT handshake (CVE-2017-13082) - Fix PTK rekeying to generate a new ANonce - Prevent reinstallation of an already in-use group key and extend protection of GTK/IGTK reinstallation of WNM-Sleep Mode cases (CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13087, CVE-2017-13088) - Prevent installation of an all-zero TK - TDLS: Reject TPK-TK reconfiguration - WNM: Ignore WNM-Sleep Mode Response without pending request - FT: Do not allow multiple Reassociation Response frames Upstream advisory: https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-me ssages.txt Details and the paper: https://www.krackattacks.com/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2018-01-15
    plugin id106004
    published2018-01-15
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106004
    titleFedora 27 : 1:wpa_supplicant (2017-f45e844a85) (KRACK)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2752-1.NASL
    descriptionThis update for wpa_supplicant fixes the following issues : - Several vulnerabilities in standard conforming implementations of the WPA2 protocol have been discovered and published under the code name KRACK. This update remedies those issues in a backwards compatible manner, i.e. the updated wpa_supplicant can interface properly with both vulnerable and patched implementations of WPA2, but an attacker won
    last seen2020-06-01
    modified2020-06-02
    plugin id103920
    published2017-10-18
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103920
    titleSUSE SLES11 Security Update : wpa_supplicant (SUSE-SU-2017:2752-1) (KRACK)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3455-1.NASL
    descriptionMathy Vanhoef discovered that wpa_supplicant and hostapd incorrectly handled WPA2. A remote attacker could use this issue with key reinstallation attacks to obtain sensitive information. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088) Imre Rad discovered that wpa_supplicant and hostapd incorrectly handled invalid characters in passphrase parameters. A remote attacker could use this issue to cause a denial of service. (CVE-2016-4476) Imre Rad discovered that wpa_supplicant and hostapd incorrectly handled invalid characters in passphrase parameters. A local attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2016-4477). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id103863
    published2017-10-17
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103863
    titleUbuntu 14.04 LTS / 16.04 LTS / 17.04 : wpa vulnerabilities (USN-3455-1) (KRACK)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-3148-1.NASL
    descriptionThis update for the Linux Kernel 3.12.74-60_64_57 fixes several issues. The following security issues were fixed : - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392) - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id104955
    published2017-12-01
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104955
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:3148-1) (KRACK)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-2907.NASL
    descriptionFrom Red Hat Security Advisory 2017:2907 : An update for wpa_supplicant is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. Security Fix(es) : * A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088) Red Hat would like to thank CERT for reporting these issues. Upstream acknowledges Mathy Vanhoef (University of Leuven) as the original reporter of these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id103914
    published2017-10-18
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103914
    titleOracle Linux 7 : wpa_supplicant (ELSA-2017-2907) (KRACK)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-3123-1.NASL
    descriptionThis update for the Linux Kernel 3.12.61-52_83 fixes several issues. The following security issues were fixed : - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392) - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id104874
    published2017-11-30
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104874
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:3123-1) (KRACK)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3999.NASL
    descriptionMathy Vanhoef of the imec-DistriNet research group of KU Leuven discovered multiple vulnerabilities in the WPA protocol, used for authentication in wireless networks. Those vulnerabilities apply to both the access point (implemented in hostapd) and the station (implemented in wpa_supplicant). An attacker exploiting the vulnerabilities could force the vulnerable system to reuse cryptographic session keys, enabling a range of cryptographic attacks against the ciphers used in WPA1 and WPA2. More information can be found in the researchers
    last seen2020-06-01
    modified2020-06-02
    plugin id103859
    published2017-10-17
    reporterThis script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103859
    titleDebian DSA-3999-1 : wpa - security update (KRACK)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-3124-1.NASL
    descriptionThis update for the Linux Kernel 3.12.67-60_64_21 fixes several issues. The following security issues were fixed : - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392) - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id104875
    published2017-11-30
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104875
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:3124-1) (KRACK)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2869-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.90 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-1000252: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c (bnc#1058038). - CVE-2017-10810: Memory leak in the virtio_gpu_object_create function in drivers/gpu/drm/virtio/virtgpu_object.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering object-initialization failures (bnc#1047277). - CVE-2017-11472: The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel did not flush the operand cache and causes a kernel stack dump, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table (bnc#1049580). - CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users to gain privileges via a crafted ACPI table (bnc#1049603). - CVE-2017-12134: The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation (bnc#1051790 bnc#1053919). - CVE-2017-12153: A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel This function did not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAP_NET_ADMIN capability and may result in a NULL pointer dereference and system crash (bnc#1058410). - CVE-2017-12154: The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel did not ensure that the
    last seen2020-06-01
    modified2020-06-02
    plugin id104253
    published2017-10-30
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104253
    titleSUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:2869-1) (KRACK)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-1224.NASL
    descriptionThe openSUSE Leap 42.2 kernel was updated to 4.4.92 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bnc#1063667). - CVE-2017-15265: Race condition in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c (bnc#1062520). - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bnc#1064388). The following non-security bugs were fixed : - alsa: au88x0: avoid theoretical uninitialized access (bnc#1012382). - alsa: compress: Remove unused variable (bnc#1012382). - alsa: usb-audio: Check out-of-bounds access by corrupted buffer descriptor (bnc#1012382). - alsa: usx2y: Suppress kernel warning at page allocation failures (bnc#1012382). - arm: 8635/1: nommu: allow enabling REMAP_VECTORS_TO_RAM (bnc#1012382). - arm: dts: r8a7790: Use R-Car Gen 2 fallback binding for msiof nodes (bnc#1012382). - arm: remove duplicate
    last seen2020-06-05
    modified2017-10-30
    plugin id104246
    published2017-10-30
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104246
    titleopenSUSE Security Update : the Linux Kernel (openSUSE-2017-1224) (KRACK)
  • NASL familyWindows : Microsoft Bulletins
    NASL idSMB_NT_MS17_OCT_WIN2008.NASL
    descriptionThe remote Windows host is missing multiple security updates released on 2017/10/10. It is, therefore, affected by multiple vulnerabilities : - A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take complete control of an affected system. (CVE-2017-0250) - A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-11771) - An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2017-11824) - An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8689, CVE-2017-8694) - A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (CVE-2017-8717, CVE-2017-8718) - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2017-11816) - An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests. An authenticated attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. (CVE-2017-11815) - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2017-11765, CVE-2017-11814) - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11793, CVE-2017-11810) - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-11762, CVE-2017-11763) - An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-11790) - An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. (CVE-2017-11817) - A denial of service vulnerability exists in the Microsoft Server Block Message (SMB) when an attacker sends specially crafted requests to the server. An attacker who exploited this vulnerability could cause the affected system to crash. To attempt to exploit this issue, an attacker would need to send specially crafted SMB requests to the target system. Note that the denial of service vulnerability would not allow an attacker to execute code or to elevate their user rights, but it could cause the affected system to stop accepting requests. The security update addresses the vulnerability by correcting the manner in which SMB handles specially crafted client requests. (CVE-2017-11781) - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11822) - An Information disclosure vulnerability exists when Windows Search improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-11772) - A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server. (CVE-2017-11780) - An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. (CVE-2017-11784, CVE-2017-11785) - A spoofing vulnerability exists in the Windows implementation of wireless networking. An attacker who successfully exploited this vulnerability could potentially replay broadcast and/or multicast traffic to hosts on a WPA or WPA 2-protected wireless network. (CVE-2017-13080)
    last seen2020-06-01
    modified2020-06-02
    plugin id103816
    published2017-10-12
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103816
    titleWindows 2008 October 2017 Multiple Security Updates (KRACK)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-3154-1.NASL
    descriptionThis update for the Linux Kernel 3.12.61-52_66 fixes several issues. The following security issues were fixed : - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392) - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id104961
    published2017-12-01
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104961
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:3154-1) (KRACK)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-3119-1.NASL
    descriptionThis update for the Linux Kernel 3.12.61-52_89 fixes several issues. The following security issues were fixed : - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392) - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id104873
    published2017-11-30
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104873
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:3119-1) (KRACK)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-3149-1.NASL
    descriptionThis update for the Linux Kernel 3.12.61-52_72 fixes several issues. The following security issues were fixed : - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392) - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id104956
    published2017-12-01
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104956
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:3149-1) (KRACK)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-3145-1.NASL
    descriptionThis update for the Linux Kernel 3.12.74-60_64_40 fixes several issues. The following security issues were fixed : - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392) - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id104952
    published2017-12-01
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104952
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:3145-1) (KRACK)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2745-1.NASL
    descriptionThis update for wpa_supplicant fixes the security issues : - Several vulnerabilities in standard conforming implementations of the WPA2 protocol have been discovered and published under the code name KRACK. This update remedies those issues in a backwards compatible manner, i.e. the updated wpa_supplicant can interface properly with both vulnerable and patched implementations of WPA2, but an attacker won
    last seen2020-06-01
    modified2020-06-02
    plugin id103917
    published2017-10-18
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103917
    titleSUSE SLED12 / SLES12 Security Update : wpa_supplicant (SUSE-SU-2017:2745-1) (KRACK)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-3157-1.NASL
    descriptionThis update for the Linux Kernel 3.12.74-60_64_54 fixes several issues. The following security issues were fixed : - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392) - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id104963
    published2017-12-01
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104963
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:3157-1) (KRACK)
  • NASL familyWindows : Microsoft Bulletins
    NASL idSMB_NT_MS17_OCT_4041676.NASL
    descriptionThe remote Windows host is missing security update 4041676. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2017-11765, CVE-2017-11814) - An elevation of privilege vulnerability exists when the Windows Update Delivery Optimization does not properly enforce file share permissions. An attacker who successfully exploited the vulnerability could overwrite files that require higher privileges than what the attacker already has. (CVE-2017-11829) - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-11762, CVE-2017-11763) - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11792, CVE-2017-11796, CVE-2017-11798, CVE-2017-11799, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11811, CVE-2017-11812, CVE-2017-11821) - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-11783) - A remote code execution vulnerability exists in Windows Domain Name System (DNS) DNSAPI.dll when it fails to properly handle DNS responses. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. (CVE-2017-11779) - A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (CVE-2017-8717, CVE-2017-8718) - A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integrity policy on the local machine. (CVE-2017-11823, CVE-2017-8715) - An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. (CVE-2017-11817) - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11793, CVE-2017-11810) - An Information disclosure vulnerability exists when Windows Search improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-11772) - An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-11794) - An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2017-11824) - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory via the Microsoft Windows Text Services Framework. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8727) - An Security Feature bypass vulnerability exists in Microsoft Windows storage when it fails to validate an integrity-level check. An attacker who successfully exploited the vulnerability could allow an application with a certain integrity level to execute code at a different integrity level. The update addresses the vulnerability by correcting how Microsoft storage validates an integrity-level check. (CVE-2017-11818) - A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-11771) - An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests. An authenticated attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. (CVE-2017-11815) - A denial of service vulnerability exists in the Microsoft Server Block Message (SMB) when an attacker sends specially crafted requests to the server. An attacker who exploited this vulnerability could cause the affected system to crash. To attempt to exploit this issue, an attacker would need to send specially crafted SMB requests to the target system. Note that the denial of service vulnerability would not allow an attacker to execute code or to elevate their user rights, but it could cause the affected system to stop accepting requests. The security update addresses the vulnerability by correcting the manner in which SMB handles specially crafted client requests. (CVE-2017-11781) - An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8689, CVE-2017-8694) - A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server. (CVE-2017-11780) - An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-8693) - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2017-11816) - A remote code execution vulnerability exists in the way the scripting engine handle objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11809) - An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. (CVE-2017-11785) - A denial of service vulnerability exists when Windows Subsystem for Linux improperly handles objects in memory. An attacker who successfully exploited this vulnerability could cause a denial of service against the local system. A attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how Windows Subsystem for Linux handles objects in memory. (CVE-2017-8703) - A remote code execution vulnerability exists in the way that certain Windows components handle the loading of DLL files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-11769) - A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8726) - An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-11790) - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11822) - A spoofing vulnerability exists in the Windows implementation of wireless networking. An attacker who successfully exploited this vulnerability could potentially replay broadcast and/or multicast traffic to hosts on a WPA or WPA 2-protected wireless network. (CVE-2017-13080)
    last seen2020-06-01
    modified2020-06-02
    plugin id103745
    published2017-10-10
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103745
    titleKB4041676: Windows 10 Version 1703 October 2017 Cumulative Update (KRACK)
  • NASL familyMisc.
    NASL idARUBAOS_KRACK.NASL
    descriptionThe version of ArubaOS on the remote device is affected by multiple vulnerabilities related to the KRACK attacks. This may allow an attacker to decrypt, replay, and forge some frames on a WPA2 encrypted network. Note: ArbuaOS devices are only vulnerable to CVE-2017-13077, CVE-2017-13078,CVE-2017-13079, CVE-2017-13080, and CVE-2017-13081 while operating as a Wi-Fi supplicant in Mesh mode.
    last seen2020-06-01
    modified2020-06-02
    plugin id103855
    published2017-10-16
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103855
    titleArubaOS WPA2 Key Reinstallation Vulnerabilities (KRACK)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-3160-1.NASL
    descriptionThis update for the Linux Kernel 3.12.61-52_69 fixes several issues. The following security issues were fixed : - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392) - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id104965
    published2017-12-01
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104965
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:3160-1) (KRACK)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1200.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2016-10208 Sergej Schumilo and Ralf Spenneberg discovered that a crafted ext4 filesystem could trigger memory corruption when it is mounted. A user that can provide a device or filesystem image to be mounted could use this for denial of service (crash or data corruption) or possibly for privilege escalation. CVE-2017-8824 Mohamed Ghannam discovered that the DCCP implementation did not correctly manage resources when a socket is disconnected and reconnected, potentially leading to a use-after-free. A local user could use this for denial of service (crash or data corruption) or possibly for privilege escalation. On systems that do not already have the dccp module loaded, this can be mitigated by disabling it: echo >> /etc/modprobe.d/disable-dccp.conf install dccp false CVE-2017-8831 Pengfei Wang discovered that the saa7164 video capture driver re-reads data from a PCI device after validating it. A physically present user able to attach a specially designed PCI device could use this for privilege escalation. CVE-2017-12190 Vitaly Mayatskikh discovered that the block layer did not correctly count page references for raw I/O from user-space. This can be exploited by a guest VM with access to a host SCSI device for denial of service (memory exhaustion) or potentially for privilege escalation. CVE-2017-13080 A vulnerability was found in the WPA2 protocol that could lead to reinstallation of the same Group Temporal Key (GTK), which substantially reduces the security of wifi encryption. This is one of the issues collectively known as
    last seen2020-03-17
    modified2017-12-11
    plugin id105116
    published2017-12-11
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105116
    titleDebian DLA-1200-1 : linux security update (KRACK)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201711-03.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201711-03 (hostapd and wpa_supplicant: Key Reinstallation (KRACK) attacks) WiFi Protected Access (WPA and WPA2) and it&rsquo;s associated technologies are all vulnerable to the KRACK attacks. Please review the referenced CVE identifiers for details. Impact : An attacker can carry out the KRACK attacks on a wireless network in order to gain access to network clients. Once achieved, the attacker can potentially harvest confidential information (e.g. HTTP/HTTPS), inject malware, or perform a myriad of other attacks. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id104511
    published2017-11-13
    reporterThis script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/104511
    titleGLSA-201711-03 : hostapd and wpa_supplicant: Key Reinstallation (KRACK) attacks (KRACK)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2017-291-02.NASL
    descriptionNew wpa_supplicant packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id103944
    published2017-10-19
    reporterThis script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/103944
    titleSlackware 14.0 / 14.1 / 14.2 / current : wpa_supplicant (SSA:2017-291-02) (KRACK)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1573.NASL
    descriptionSeveral vulnerabilities have been discovered in the firmware for Broadcom BCM43xx wifi chips that may lead to a privilege escalation or loss of confidentiality. CVE-2016-0801 Broadgate Team discovered flaws in packet processing in the Broadcom wifi firmware and proprietary drivers that could lead to remote code execution. However, this vulnerability is not believed to affect the drivers used in Debian. CVE-2017-0561 Gal Beniamini of Project Zero discovered a flaw in the TDLS implementation in Broadcom wifi firmware. This could be exploited by an attacker on the same WPA2 network to execute code on the wifi microcontroller. CVE-2017-9417 / #869639 Nitay Artenstein of Exodus Intelligence discovered a flaw in the WMM implementation in Broadcom wifi firmware. This could be exploited by a nearby attacker to execute code on the wifi microcontroller. CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081 Mathy Vanhoef of the imec-DistriNet research group of KU Leuven discovered multiple vulnerabilities in the WPA protocol used for authentication in wireless networks, dubbed
    last seen2020-06-01
    modified2020-06-02
    plugin id118888
    published2018-11-13
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118888
    titleDebian DLA-1573-1 : firmware-nonfree security update (KRACK)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2017-1241.NASL
    descriptionAccording to the versions of the wpa_supplicant package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088) - Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.(CVE-2017-13079) - Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.(CVE-2017-13081) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2017-11-16
    plugin id104576
    published2017-11-16
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104576
    titleEulerOS 2.0 SP1 : wpa_supplicant (EulerOS-SA-2017-1241)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2920-1.NASL
    descriptionThe SUSE Linux Enterprise 12 GA LTS kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bnc#1064388). - CVE-2015-9004: kernel/events/core.c in the Linux kernel mishandled counter grouping, which allowed local users to gain privileges via a crafted application, related to the perf_pmu_register and perf_event_open functions (bnc#1037306). - CVE-2016-10229: udp.c in the Linux kernel allowed remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag (bnc#1032268). - CVE-2016-9604: The handling of keyrings starting with
    last seen2020-06-01
    modified2020-06-02
    plugin id104374
    published2017-11-03
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104374
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:2920-1) (KRACK) (Stack Clash)
  • NASL familyWindows : Microsoft Bulletins
    NASL idSMB_NT_MS17_OCT_4041691.NASL
    descriptionThe remote Windows host is missing security update 4041691. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2017-11765, CVE-2017-11814) - An elevation of privilege vulnerability exists when the Windows Update Delivery Optimization does not properly enforce file share permissions. An attacker who successfully exploited the vulnerability could overwrite files that require higher privileges than what the attacker already has. (CVE-2017-11829) - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-11762, CVE-2017-11763) - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-11783) - A remote code execution vulnerability exists in Windows Domain Name System (DNS) DNSAPI.dll when it fails to properly handle DNS responses. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. (CVE-2017-11779) - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11802, CVE-2017-11804, CVE-2017-11808, CVE-2017-11811, CVE-2017-11812) - A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (CVE-2017-8717, CVE-2017-8718) - A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integrity policy on the local machine. (CVE-2017-11823, CVE-2017-8715) - An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. (CVE-2017-11817) - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11793, CVE-2017-11810) - An elevation of privilege vulnerability exists in the default Windows SMB Server configuration which allows anonymous users to remotely access certain named pipes that are also configured to allow anonymous access to users who are logged on locally. An unauthenticated attacker who successfully exploits this configuration error could remotely send specially crafted requests to certain services that accept requests via named pipes. (CVE-2017-11782) - An Information disclosure vulnerability exists when Windows Search improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-11772) - An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2017-11824) - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory via the Microsoft Windows Text Services Framework. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8727) - An Security Feature bypass vulnerability exists in Microsoft Windows storage when it fails to validate an integrity-level check. An attacker who successfully exploited the vulnerability could allow an application with a certain integrity level to execute code at a different integrity level. The update addresses the vulnerability by correcting how Microsoft storage validates an integrity-level check. (CVE-2017-11818) - A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-11771) - An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests. An authenticated attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. (CVE-2017-11815) - A denial of service vulnerability exists in the Microsoft Server Block Message (SMB) when an attacker sends specially crafted requests to the server. An attacker who exploited this vulnerability could cause the affected system to crash. To attempt to exploit this issue, an attacker would need to send specially crafted SMB requests to the target system. Note that the denial of service vulnerability would not allow an attacker to execute code or to elevate their user rights, but it could cause the affected system to stop accepting requests. The security update addresses the vulnerability by correcting the manner in which SMB handles specially crafted client requests. (CVE-2017-11781) - An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8689, CVE-2017-8694) - A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server. (CVE-2017-11780) - An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-8693) - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2017-11816) - A remote code execution vulnerability exists in the way the scripting engine handle objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11809) - An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. (CVE-2017-11785) - A remote code execution vulnerability exists in the way that certain Windows components handle the loading of DLL files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-11769) - A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8726) - An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-11790) - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11822) - A spoofing vulnerability exists in the Windows implementation of wireless networking. An attacker who successfully exploited this vulnerability could potentially replay broadcast and/or multicast traffic to hosts on a WPA or WPA 2-protected wireless network. (CVE-2017-13080)
    last seen2020-06-01
    modified2020-06-02
    plugin id103749
    published2017-10-10
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103749
    titleKB4041691: Windows 10 Version 1607 and Windows Server 2016 October 2017 Cumulative Update (KRACK)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-1201.NASL
    descriptionThis update for hostapd fixes the following issues : - Fix KRACK attacks on the AP side (boo#1063479, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13087, CVE-2017-13088) : Hostap was updated to upstream release 2.6 - fixed EAP-pwd last fragment validation [http://w1.fi/security/2015-7/] (CVE-2015-5314) - fixed WPS configuration update vulnerability with malformed passphrase [http://w1.fi/security/2016-1/] (CVE-2016-4476) - extended channel switch support for VHT bandwidth changes - added support for configuring new ANQP-elements with anqp_elem=<InfoID>:<hexdump of payload> - fixed Suite B 192-bit AKM to use proper PMK length (note: this makes old releases incompatible with the fixed behavior) - added no_probe_resp_if_max_sta=1 parameter to disable Probe Response frame sending for not-associated STAs if max_num_sta limit has been reached - added option (-S as command line argument) to request all interfaces to be started at the same time - modified rts_threshold and fragm_threshold configuration parameters to allow -1 to be used to disable RTS/fragmentation - EAP-pwd: added support for Brainpool Elliptic Curves (with OpenSSL 1.0.2 and newer) - fixed EAPOL reauthentication after FT protocol run - fixed FTIE generation for 4-way handshake after FT protocol run - fixed and improved various FST operations - TLS server - support SHA384 and SHA512 hashes - support TLS v1.2 signature algorithm with SHA384 and SHA512 - support PKCS #5 v2.0 PBES2 - support PKCS #5 with PKCS #12 style key decryption - minimal support for PKCS #12 - support OCSP stapling (including ocsp_multi) - added support for OpenSSL 1.1 API changes - drop support for OpenSSL 0.9.8 - drop support for OpenSSL 1.0.0 - EAP-PEAP: support fast-connect crypto binding - RADIUS - fix Called-Station-Id to not escape SSID - add Event-Timestamp to all Accounting-Request packets - add Acct-Session-Id to Accounting-On/Off - add Acct-Multi-Session-Id ton Access-Request packets - add Service-Type (= Frames) - allow server to provide PSK instead of passphrase for WPA-PSK Tunnel_password case - update full message for interim accounting updates - add Acct-Delay-Time into Accounting messages - add require_message_authenticator configuration option to require CoA/Disconnect-Request packets to be authenticated - started to postpone WNM-Notification frame sending by 100 ms so that the STA has some more time to configure the key before this frame is received after the 4-way handshake - VHT: added interoperability workaround for 80+80 and 160 MHz channels - extended VLAN support (per-STA vif, etc.) - fixed PMKID derivation with SAE - nl80211 - added support for full station state operations - fix IEEE 802.1X/WEP EAP reauthentication and rekeying to use unencrypted EAPOL frames - added initial MBO support; number of extensions to WNM BSS Transition Management - added initial functionality for location related operations - added assocresp_elements parameter to allow vendor specific elements to be added into (Re)Association Response frames - improved Public Action frame addressing - use Address 3 = wildcard BSSID in GAS response if a query from an unassociated STA used that address - fix TX status processing for Address 3 = wildcard BSSID - add gas_address3 configuration parameter to control Address 3 behavior - added command line parameter -i to override interface parameter in hostapd.conf - added command completion support to hostapd_cli - added passive client taxonomy determination (CONFIG_TAXONOMY=y compile option and
    last seen2020-06-05
    modified2017-10-30
    plugin id104237
    published2017-10-30
    reporterThis script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/104237
    titleopenSUSE Security Update : hostapd (openSUSE-2017-1201) (KRACK)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2908-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP1 LTS kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bnc#1064388). - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bnc#1063667). - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192 (bnc#1045327). - CVE-2017-15265: Use-after-free vulnerability in the Linux kernel allowed local users to have unspecified impact via vectors related to /dev/snd/seq (bnc#1062520). - CVE-2017-1000365: The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but did not take the argument and environment pointers into account, which allowed attackers to bypass this limitation. (bnc#1039354). - CVE-2017-12153: A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel This function did not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAP_NET_ADMIN capability and may result in a NULL pointer dereference and system crash (bnc#1058410). - CVE-2017-12154: The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel did not ensure that the
    last seen2020-06-01
    modified2020-06-02
    plugin id104271
    published2017-10-31
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104271
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:2908-1) (KRACK) (Stack Clash)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-1317.NASL
    descriptionThis update for kernel-firmware fixes the following issues : - Update Intel WiFi firmwares for the 3160, 7260 and 7265 adapters. Security issues fixed are part of the
    last seen2020-06-05
    modified2017-12-14
    plugin id105219
    published2017-12-14
    reporterThis script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/105219
    titleopenSUSE Security Update : kernel-firmware (openSUSE-2017-1317) (KRACK)
  • NASL familyVirtuozzo Local Security Checks
    NASL idVIRTUOZZO_VZLSA-2017-2907.NASL
    descriptionAn update for wpa_supplicant is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. Security Fix(es) : * A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088) Red Hat would like to thank CERT for reporting these issues. Upstream acknowledges Mathy Vanhoef (University of Leuven) as the original reporter of these issues. Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id104581
    published2017-11-16
    reporterThis script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104581
    titleVirtuozzo 7 : wpa_supplicant (VZLSA-2017-2907)
  • NASL familyWindows : Microsoft Bulletins
    NASL idSMB_NT_MS17_OCT_4042895.NASL
    descriptionThe remote Windows host is missing security update 4042895. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2017-11765, CVE-2017-11814) - An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-8726) - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-11762, CVE-2017-11763) - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11802, CVE-2017-11804, CVE-2017-11808, CVE-2017-11811) - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-11783) - A remote code execution vulnerability exists in Windows Domain Name System (DNS) DNSAPI.dll when it fails to properly handle DNS responses. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. (CVE-2017-11779) - An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. (CVE-2017-11784, CVE-2017-11785) - A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (CVE-2017-8717, CVE-2017-8718) - A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integrity policy on the local machine. (CVE-2017-11823, CVE-2017-8715) - An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. (CVE-2017-11817) - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11793, CVE-2017-11810) - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11809) - An Information disclosure vulnerability exists when Windows Search improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-11772) - An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2017-11824) - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory via the Microsoft Windows Text Services Framework. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8727) - An Security Feature bypass vulnerability exists in Microsoft Windows storage when it fails to validate an integrity-level check. An attacker who successfully exploited the vulnerability could allow an application with a certain integrity level to execute code at a different integrity level. The update addresses the vulnerability by correcting how Microsoft storage validates an integrity-level check. (CVE-2017-11818) - A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-11771) - An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests. An authenticated attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. (CVE-2017-11815) - A spoofing vulnerability exists in the Windows implementation of wireless networking. An attacker who successfully exploited this vulnerability could potentially replay broadcast and/or multicast traffic to hosts on a WPA or WPA 2-protected wireless network. Multiple conditions would need to be met in order for an attacker to exploit the vulnerability the attacker would need to be within the physical proximity of the targeted user, and the user
    last seen2020-06-01
    modified2020-06-02
    plugin id104384
    published2017-11-03
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104384
    titleKB4042895: Windows 10 October 2017 Cumulative Update (KRACK)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOS_10_13_1.NASL
    descriptionThe remote host is running a version of Mac OS X that is 10.13.x prior to 10.13.1. It is, therefore, affected by multiple vulnerabilities in the following components : - APFS - curl - Dictionary Widget - Kernel - StreamingZip - tcpdump - Wi-Fi Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id104378
    published2017-11-03
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104378
    titlemacOS 10.13.x < 10.13.1 Multiple Vulnerabilities
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1422.NASL
    descriptionAccording to the versions of the wpa_supplicant package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.(CVE-2017-13079) - Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.(CVE-2017-13081) - An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information.(CVE-2018-14526) - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used integrity group key (IGTK) during a Wireless Network Management (WNM) Sleep Mode handshake.(CVE-2017-13088) - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a group key handshake.(CVE-2017-13080) - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a Wireless Network Management (WNM) Sleep Mode handshake.(CVE-2017-13087) - A new exploitation technique called key reinstallation attacks (KRACKs) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used pairwise key (PTK-TK) during a 4-way handshake.(CVE-2017-13077) - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a 4-way handshake.(CVE-2017-13078) - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used pairwise key (PTK-TK) by retransmitting Fast BSS Transition (FT) Reassociation Requests.(CVE-2017-13082) - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used Tunneled Direct-Link Setup (TDLS) Peerkey (TPK) key during a TDLS handshake.(CVE-2017-13086) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id124925
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124925
    titleEulerOS Virtualization 3.0.1.0 : wpa_supplicant (EulerOS-SA-2019-1422)
  • NASL familyWindows : Microsoft Bulletins
    NASL idSMB_NT_MS17_OCT_4041681.NASL
    descriptionThe remote Windows host is missing security update 4041678 or cumulative update 4041681. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11813, CVE-2017-11822) - A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-11771) - An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2017-11824) - An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8689, CVE-2017-8694) - A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (CVE-2017-8717, CVE-2017-8718) - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2017-11816) - An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests. An authenticated attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. (CVE-2017-11815) - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2017-11765, CVE-2017-11814) - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11793, CVE-2017-11810) - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-11762, CVE-2017-11763) - An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-11790) - An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. (CVE-2017-11817) - A denial of service vulnerability exists in the Microsoft Server Block Message (SMB) when an attacker sends specially crafted requests to the server. An attacker who exploited this vulnerability could cause the affected system to crash. To attempt to exploit this issue, an attacker would need to send specially crafted SMB requests to the target system. Note that the denial of service vulnerability would not allow an attacker to execute code or to elevate their user rights, but it could cause the affected system to stop accepting requests. The security update addresses the vulnerability by correcting the manner in which SMB handles specially crafted client requests. (CVE-2017-11781) - An Information disclosure vulnerability exists when Windows Search improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-11772) - A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server. (CVE-2017-11780) - An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. (CVE-2017-11784, CVE-2017-11785) - A spoofing vulnerability exists in the Windows implementation of wireless networking. An attacker who successfully exploited this vulnerability could potentially replay broadcast and/or multicast traffic to hosts on a WPA or WPA 2-protected wireless network. (CVE-2017-13080)
    last seen2020-06-01
    modified2020-06-02
    plugin id103746
    published2017-10-10
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103746
    titleWindows 7 and Windows Server 2008 R2 October 2017 Security Updates (KRACK)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-12E76E8364.NASL
    descriptionFix the for the Key Reinstallation Attacks ========================================== - hostapd: Avoid key reinstallation in FT handshake (CVE-2017-13082) - Fix PTK rekeying to generate a new ANonce - Prevent reinstallation of an already in-use group key and extend protection of GTK/IGTK reinstallation of WNM-Sleep Mode cases (CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13087, CVE-2017-13088) - Prevent installation of an all-zero TK - TDLS: Reject TPK-TK reconfiguration - WNM: Ignore WNM-Sleep Mode Response without pending request - FT: Do not allow multiple Reassociation Response frames Upstream advisory: https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-me ssages.txt Details and the paper: https://www.krackattacks.com/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-10-18
    plugin id103884
    published2017-10-18
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103884
    titleFedora 25 : 1:wpa_supplicant (2017-12e76e8364) (KRACK)

Redhat

advisories
  • rhsa
    idRHSA-2017:2907
  • rhsa
    idRHSA-2017:2911
rpms
  • wpa_supplicant-1:2.6-5.el7_4.1
  • wpa_supplicant-debuginfo-1:2.6-5.el7_4.1
  • wpa_supplicant-1:0.7.3-9.el6_9.2
  • wpa_supplicant-debuginfo-1:0.7.3-9.el6_9.2

The Hacker News

References