NetBSD Information for VU#228519

Wi-Fi Protected Access (WPA) handshake traffic can be manipulated to induce nonce and session key reuse

Status

Affected

Vendor Statement

For CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080

CVE-2017-13081 CVE-2017-13082 CVE-2017-13084 CVE-2017-13086
CVE-2017-13087 CVE-2017-13088 aka KRACK Attacks as covered in:
https://www.kb.cert.org/vuls/id/228519/

wpa_supplicant has been patched in our packaging system (pkgsrc) http://mail-index.netbsd.org/pkgsrc-changes/2017/10/16/msg165381.html
http://mail-index.netbsd.org/pkgsrc-changes/2017/10/17/msg165433.html

And for NetBSD itself, a patch has been commited to the HEAD of the tree & is pending to be merged into the NetBSD/6, 7, 8 branches.
http://mail-index.netbsd.org/source-changes/2017/10/16/msg088877.html

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

http://mail-index.netbsd.org/pkgsrc-changes/2017/10/16/msg165381.html
http://mail-index.netbsd.org/pkgsrc-changes/2017/10/17/msg165433.html
http://mail-index.netbsd.org/source-changes/2017/10/16/msg088877.html

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.