CVE

Id
35347  
CVE No.
CVE-2008-5230  
Status
Candidate  
Description
The Temporal Key Integrity Protocol (TKIP) implementation in unspecified Cisco products and other vendors" products, as used in WPA and WPA2 on Wi-Fi networks, has insufficient countermeasures against certain crafted and replayed packets, which makes it easier for remote attackers to decrypt packets from an access point (AP) to a client and spoof packets from an AP to a client, and conduct ARP poisoning attacks or other attacks, as demonstrated by tkiptun-ng.  
Phase
Assigned (20081125)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
387357 35347 CVE-2008-5230 MLIST:[dailydave] 20081107 All Ur WiFi(WPA) R Belong 2 PacSec  View
387358 35347 CVE-2008-5230 URL:http://lists.immunitysec.com/pipermail/dailydave/2008-November/005413.html  View
387359 35347 CVE-2008-5230 MISC:http://arstechnica.com/articles/paedia/wpa-cracked.ars  View
387360 35347 CVE-2008-5230 MISC:http://dl.aircrack-ng.org/breakingwepandwpa.pdf  View
387361 35347 CVE-2008-5230 MISC:http://radajo.blogspot.com/2008/11/wpatkip-chopchop-attack.html  View
387362 35347 CVE-2008-5230 MISC:http://trac.aircrack-ng.org/svn/trunk/src/tkiptun-ng.c  View
387363 35347 CVE-2008-5230 MISC:http://www.aircrack-ng.org/doku.php?id=tkiptun-ng  View
387364 35347 CVE-2008-5230 CISCO:20081121 Cisco Response to TKIP Encryption Weakness  View
387365 35347 CVE-2008-5230 URL:http://www.cisco.com/en/US/products/products_security_response09186a0080a30036.html  View
387366 35347 CVE-2008-5230 BID:32164  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
51170 JVNDB-2008-006480 xine-lib におけるヒープベースのバッファオーバーフローの脆弱性 xine-lib は、(1) demux_qt.c の parse_moov_atom 関数が実行する巧妙に細工されたメタデータの atom サイズ、および (2) id3.c の id3v23_interp_frame 関数のフレーム読み込みに関する処理に不備があるため、ヒープベースのバッファオーバーフローの脆弱性が存在します。 CVE-2008-5234 35347 9.3 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-006480.html  View