223051 – security/vuxml: Document vulnerability in wpa_supplicant and hostapd

Bug 223051 - security/vuxml: Document vulnerability in wpa_supplicant and hostapd

Summary: security/vuxml: Document vulnerability in wpa_supplicant and hostapd

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Some People
Assignee:	Ports Security Team

URL:	http://w1.fi/security/2017-1/wpa-pack...
Keywords:	patch, security

Depends on:
Blocks:

Reported:	2017-10-16 19:09 UTC by VK
Modified:	2017-10-16 20:02 UTC (History)
CC List:	1 user (show)

See Also:

Flags:	bugzilla: maintainer-feedback? (ports-secteam)

Attachments
Document vulnerability in WPA (1.96 KB, patch) 2017-10-16 19:09 UTC, VK	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description VK 2017-10-16 19:09:27 UTC

Created attachment 187219 [details]
Document vulnerability in WPA

A vulnerability was found in how a number of implementations can be
triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by
replaying a specific frame that is used to manage the keys.

This set of vulnerabilities is also known as "KRACKs", or "Key Reinstallation Attacks".

Comment 1 VK 2017-10-16 19:26:23 UTC

Notify hostapd maintainer.

Comment 2 commit-hook freebsd_committer

2017-10-16 19:58:43 UTC

A commit references this bug:

Author: swills
Date: Mon Oct 16 19:57:56 UTC 2017
New revision: 452248
URL: https://svnweb.freebsd.org/changeset/ports/452248

Log:
  Document hostapd and wpa_supplicant issue

  PR:		223051
  Submitted by:	Vladimir Krstulja <vlad-fbsd@acheronmedia.com>

Changes:
  head/security/vuxml/vuln.xml

Comment 3 Steve Wills freebsd_committer

2017-10-16 20:02:47 UTC

Committed, thanks!