From owner-freebsd-current@freebsd.org Mon Oct 16 13:04:23 2017 Return-Path: Delivered-To: freebsd-current@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 00E14E3A652 for ; Mon, 16 Oct 2017 13:04:23 +0000 (UTC) (envelope-from cy.schubert@komquats.com) Received: from smtp-out-no.shaw.ca (smtp-out-no.shaw.ca [64.59.134.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "Client", Issuer "CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id C03668035B; Mon, 16 Oct 2017 13:04:22 +0000 (UTC) (envelope-from cy.schubert@komquats.com) Received: from spqr.komquats.com ([96.50.22.10]) by shaw.ca with SMTP id 4543eTADnM9gt4544enXdE; Mon, 16 Oct 2017 07:04:21 -0600 X-Authority-Analysis: v=2.2 cv=a+JAzQaF c=1 sm=1 tr=0 a=jvE2nwUzI0ECrNeyr98KWA==:117 a=jvE2nwUzI0ECrNeyr98KWA==:17 a=kj9zAlcOel0A:10 a=02M-m0pO-4AA:10 a=6I5d2MoRAAAA:8 a=yaAG3qJ-AAAA:8 a=oneE3R1DAAAA:8 a=YxBL1-UpAAAA:8 a=0T3iPXDYWNLbjhcSX9QA:9 a=CjuIK1q_8ugA:10 a=Ytm8v_FqGBcA:10 a=q0T5EV-wlGoA:10 a=IjZwj45LgO3ly-622nXo:22 a=oLVlbjkABFOu4cUI0CGI:22 a=2Fs401WYdkfDm1j_wOhm:22 a=Ia-lj3WSrqcvXOmTRaiG:22 Received: from slippy.cwsent.com (slippy [10.1.1.91]) by spqr.komquats.com (Postfix) with ESMTPS id 7150442F; Mon, 16 Oct 2017 06:04:15 -0700 (PDT) Received: from slippy (localhost [127.0.0.1]) by slippy.cwsent.com (8.15.2/8.15.2) with ESMTP id v9GD4Fbh011760; Mon, 16 Oct 2017 06:04:15 -0700 (PDT) (envelope-from Cy.Schubert@cschubert.com) Message-Id: <201710161304.v9GD4Fbh011760@slippy.cwsent.com> X-Mailer: exmh version 2.8.0 04/21/2012 with nmh-1.6 Reply-to: Cy Schubert From: Cy Schubert X-os: FreeBSD X-Sender: cy@cwsent.com X-URL: http://www.cschubert.com/ To: lev@FreeBSD.org cc: blubee blubeeme , Poul-Henning Kamp , FreeBSD current Subject: Re: cve-2017-13077 - WPA2 security vulni In-Reply-To: Message from Lev Serebryakov of "Mon, 16 Oct 2017 15:14:10 +0300." <44161b4d-f834-a01d-6ddb-475f208762f9@FreeBSD.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Mon, 16 Oct 2017 06:04:15 -0700 X-CMAE-Envelope: MS4wfPBVyZb5DVcpqgZ/tJFYQcTsZizEkbRkuA9D2OFd0vG8qz4CWqFiDDrQiXNkqsAhXexreGfHQtGkrMHCKYF6i3nWOdHbNDxZnLHmMGyIbD9R0WrDtN48 sSare41SEN39zFW5L3KDD5ZOjnHl4QSDoj8VYqQR/nJx1UnQRUVxpW3QIOwJF/sayS3DBZdbswIj1BOd6cl/6mFiJRMhJQmbzJnF7tejjajaW64DK1XqfdS/ P5m+VXy2aSYVppaKhd2uzFQyyPhyUBASt19psSJVjMg= X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Oct 2017 13:04:23 -0000 In message <44161b4d-f834-a01d-6ddb-475f208762f9@FreeBSD.org>, Lev Serebryakov writes: > On 16.10.2017 13:38, blubee blubeeme wrote: > > > well, that's a cluster if I ever seen one. > It is really cluster: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, > CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, > CVE-2017-13086,CVE-2017-13087, CVE-2017-13088. The gory details are here: https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt The announcement is here: https://www.krackattacks.com/ -- Cheers, Cy Schubert FreeBSD UNIX: Web: http://www.FreeBSD.org The need of the many outweighs the greed of the few.