Nothing so simple, unfortunately. This class of vulnerability is actually a collection of 10 CVEs, which encompass both the AP side and client side. If you've patched the AP side, for example, the attacker may still be able to compromise the set of session keys on the client side, and decrypt all of the client sent traffic.
You've got to patch both sides to be fully secure.
"""
The direction in which packets can be decrypted (and possibly forged) depends on the handshake being attacked. Simplified, when attacking the 4-way handshake, we can decrypt
(and forge) packets sent by the client. When attacking the Fast BSS Transition
(FT) handshake, we can decrypt (and forge) packets sent towards the client.
Finally, most of our attacks also allow the replay of unicast, broadcast, and multicast frames. For further details, see Section 6 of our
research paper.
"""
Our main attack is against the 4-way handshake, and does not exploit access points, but instead targets clients. So it might be that your router does not require security updates. We strongly advise you to contact your vendor for more details. In general though, you can try to mitigate attacks against routers and access points by disabling client functionality (which is for example used in repeater modes) and disabling 802.11r (fast roaming). For ordinary home users, your priority should be updating clients such as laptops and smartphones.
Chuck Anderson writes:
> Because none of Fedora's updates aren't actually released yet. They
> are built and undergoing pushing/testing now, but being a public
> distro, anyone can get them if they know where to look:
Ubuntu released a bunch of WPA-related patches a little after noontime
today, it appears.
John Stoffel:
> I'm using DD-WRT on my APs at home, but god do the web pages and
> forums suck for actually figuring out what version to run and
> whether it's patched or not. Sigh...
Ditto for OpenWRT, it appears the project is still alive, but you'd
never know, looking at their website. I may switch to LEDE, which
confusingly appears to be a fork of OpenWRT which is trying to merge
back with OpenWRT....?
--MCV.
_______________________________________________
Wlug mailing list
Wlug@mail.wlug.org
http://mail.wlug.org/mailman/listinfo/wlug