LINUX SECURITY VULNERABILITY RESPONSE INFORMATION
Wi-Fi WPA/WPA2 Security Protocol Vulnerability [a.k.a. KRACK]
Wind River® is committed to delivering secure, reliable products that keep your devices protected. As part of this commitment, our Security Response Team is constantly monitoring and assessing thousands of notifications from CERT-accepted authorities and agencies, Linux security communities such as oss-security, and our customers. Wind River prioritizes these notifications, responds, and proactively contacts customers for timely alerts, enabling them to secure their devices.
Affected Products
The latest reported Wi-Fi WPA/WPA2 security protocol vulnerability, also referred to as KRACK, has been addressed by the Security Response Team. These vulnerabilities affect nearly all recent Wi-Fi implementations.
KRACK is tracked under the CVE entries:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13084
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088
We have determined that some Wind River products are affected, including the following:
- VxWorks
- Wind River Linux
- Wind River Intelligent Device Platform
- Wind River Pulsar Linux
Customers not on the latest version of software may be vulnerable and should contact Wind River Customer Support or their local Wind River representative for information regarding a fix for their version.
REMEDIATION
The following is a list of Wind River products and their vulnerability to the Wi-Fi WPA/WPA2 security protocol vulnerability (a.k.a. KRACK). For versions of products not listed, please contact Wind River Customer Support or your Wind River sales representative.
Product
Vulnerable
Version
Details**
Note: VxWorks versions prior to 6.5 are not vulnerable
We continue to monitor the situation on our security mailing lists in case there are new developments, and will post periodic updates via RSS feeds and the Wind River Support Network.
http://www.windriver.com/feeds/wrlinux_900.xml
http://www.windriver.com/feeds/wrlinux_800.xml
http://www.windriver.com/feeds/wrlinux_700.xml
You Can’t Afford a Security Breach
This is just one of the more than 6,000 security vulnerabilities that our Security Response Team analyzes annually, and only one of the more than 1,000 annually for which we have produced a fix and rolled it out to all of our current customers.
Our support and maintenance practices and processes provide the most tangible proof of value when choosing Wind River products.
Learn more about Wind River Security practices at www.windriver.com/products/linux/security.
Customers are urged to keep their support and maintenance contracts current, and to install the latest available updates to their installed products. If you don’t know if your support and maintenance contract is current, make sure to contact your Wind River representative.