TT 脆弱性 Blog

脆弱性情報に関する「個人」の調査・研究のログ

FragAttack: New Wi-Fi vulnerabilities that affect… basically everything

【概要】

■CVE番号

CVE番号
備考
CVE-2020-24588 Aggregation attack (accepting non-SPP A-MSDU frames)
CVE-2020-24587 Mixed key attack (reassembling fragments encrypted under different keys).
CVE-2020-24586 Fragment cache attack (not clearing fragments from memory when (re)connecting to a network)
CVE-2020-26145 Samsung Galaxy S3 accepting plaintext broadcast fragments as full frames (in an encrypted network)
CVE-2020-26144 Samsung Galaxy S3 accepting plaintext A-MSDU frames that start with an RFC1042 header with EtherType EAPOL (in an encrypted network)
CVE-2020-26140 Alfa Windows 10 driver for AWUS036H accepting plaintext data frames in a protected network
CVE-2020-26143 Alfa Windows 10 driver 1030.36.604 for AWUS036ACH accepting fragmented plaintext data frames in a protected network
CVE-2020-26139 NetBSD forwarding EAPOL frames even though the sender is not yet authenticated
CVE-2020-26146 Samsung Galaxy S3 reassembling encrypted fragments with non-consecutive packet numbers
CVE-2020-26147 Linux kernel 5.8.9 reassembling mixed encrypted/plaintext fragments
CVE-2020-26142 OpenBSD 6.6 kernel processing fragmented frames as full frames
CVE-2020-26141 ALFA Windows 10 driver for AWUS036H not verifying the TKIP MIC of fragmented frames


【ブログ】

◆FragAttack: New Wi-Fi vulnerabilities that affect… basically everything (Malwarebytes, 2021/05/12)
https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/05/fragattack-new-wi-fi-vulnerabilities-that-affect-basically-everything/


Copyright (C) 谷川哲司 (Tetsuji Tanigawa) 2006 - 2022