cancel
Showing results for 
Search instead for 
Did you mean: 

How to upgrade and patch for wpa2 KRACK?

hyosang_choi
Valued Contributor
Hi.

I have seen RN for KRACK patch.

There is written as 1) APPLY AP PATCH 2) APPLY KSP FIX 3) APPLY AP CLI Scripts.

I can't find a file about 2) KSP FIX.

Where is the KSP file.?

And Must I apply the KSP file on SZ?

Thanks and Regards.
2 REPLIES 2

michael_brado
Esteemed Contributor II
Hello Jeronimo, Community,

    SZ 3.5.1 and 3.4.2 (latest native releases) install a .noarch.patch file.  If you have Zones
under 3.5.1 or 3.4.2 for versions 3.2.1 or 3.1.2, you install .ksp files.  Please see the descriptions
on the SZ firmware download pages. They have the exact filenames and extentions for your
reference.  SZ-100 and vSZ-E controllers need to be upgraded to 3.4.2 or 3.5.1 presently.

https://support.ruckuswireless.com/software/1481-smartzone-3-5-1-mr1-patch1-software-release-wpa2-kr...

https://support.ruckuswireless.com/software/1482-smartzone-3-4-2-mr2-patch2-software-release-wpa2-kr...

   Management has decided to create .noarch.patch files to directly upgrade systems that are
running 3.2.1 and 3.1.2 in native mode (such as SZ-100/vSZ-E) and ZD 9.7.2, and these should
come before the end of November.

Please follow current status information on our Ruckus KRACK Support Resource Center page.

https://support.ruckuswireless.com/krack-ruckus-wireless-support-resource-center

The Ruckus AP CLI scripts for SZ 3.1.2 - 3.5.1 will disable EAPOL retries, to protect wireless clients
that do not have WPA2 KRACK fix firmware upgrades.

https://support.ruckuswireless.com/software/1487-smartzone-3-1-2-3-5-1-software-release-ap-cli-scrip... 


Apple has released iOS 11.1 wich includes fixes for the KRACK vulnerabilities:  https://support.apple.com/en-us/HT208222


Available for: iPhone 7 and later, and iPad Pro 9.7-inch (early 2016) and later

Impact: An attacker in Wi-Fi range may force nonce reuse in WPA clients (Key Reinstallation Attacks - KRACK)

Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management.

CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven