Wind River Support Network

HomeSecurity NoticesWind River Linux Security Alert for ‘WPA security bug’ (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)
Recommended

Wind River Linux Security Alert for ‘WPA security bug’ (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)

Released: Oct 16, 2017     Updated: Nov 3, 2017

Summary

WPA packet number reuse with replayed messages and key reinstallation. Effect on all our supporting release.


Affected Product Versions

Intelligent Device Platform XT 3.1, Wind River Linux 8, Wind River Linux 9, Wind River Linux 5, Wind River Linux 6, Wind River Linux 7

Downloads


Description

All our supporting releases need those fixes.


WPA packet number reuse with replayed messages and key reinstallation


  • CVE-2017-13077
  • CVE-2017-13078
  • CVE-2017-13079
  • CVE-2017-13080
  • CVE-2017-13081
  • CVE-2017-13082
  • CVE-2017-13084 (not applicable)
  • CVE-2017-13086
  • CVE-2017-13087
  • CVE-2017-13088

A vulnerability was found in how a number of implementations can be triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by replaying a specific frame that is used to manage the keys. Such reinstallation of the encryption key can result in two different types of vulnerabilities: disabling replay protection and significantly reducing the security of encryption to the point of allowing frames to be decrypted or some parts of the keys to be determined by an attacker depending on which cipher is used.

Customers using versions of Wind River Linux or Wind River Intelligent Device Platform (IDP and IDP XT) not specifically listed in this alert should contact Wind River Customer Support or their local Wind River representative for information regarding a fix for their version


Installation Notes

Installation for 5.0.1

$ cd project/layers/oe-core/meta/recipes-connectivity/wpa-supplicant
$ git am w5r-wpa-supplicant-WPA-packet-number-reuse-with-replayed.patch
$ cd project/layers/wr-base
$ git am wr5-hostapd-WPA-packet-number-reuse-with-replayed-messag.patch

Installation for 6.0/7.0

$ cd project/layers/oe-core/meta/recipes-connectivity/wpa-supplicant
$ git am wr6[7]-wpa-supplicant-Fix-WPA-packet-number-reuse-with-repl.patch
$ cd project/layers/meta-oe-subset/recipes-connectivity/hostapd
$ git am wr6[7]-hostapd-Fix-WPA-packet-number-reuse-with-replayed-me.patch

Installation for IDP3.1

Make sure the based “WRL7” have applied those two patches above, then

$ cd /wr-idp project/layers/oe-core/meta/recipes-connectivity/wpa-supplicant
$ git am idp-hostapd-Fix-WPA-packet-number-reuse-with-replayed-me.patch

Installation for 8.0/9.0

$ cd project/layers/oe-core/meta/recipes-connectivity/wpa-supplicant
$ git am wr8[9]-wpa-supplicant-Fix-WPA-packet-number-reuse-with-repl.patch
$ cd project/layers/meta-openembedded/meta-oe/recipes-connectivity/hostapd
$ git am wr8[9]-hostapd-Fix-WPA-packet-number-reuse-with-replayed-me.patch

Rebuild related packages

$ bitbake wpa-supplicant -c distclean
$ bitbake wpa-supplicant
$ bitbake hostapd -c distclean
$ bitbake hostapd

Live chat
Online