How to upgrade and patch for wpa2 KRACK?

  • 1
  • Question
  • Updated 7 months ago
Hi.

I have seen RN for KRACK patch.

There is written as 1) APPLY AP PATCH 2) APPLY KSP FIX 3) APPLY AP CLI Scripts.

I can't find a file about 2) KSP FIX.

Where is the KSP file.?

And Must I apply the KSP file on SZ?

Thanks and Regards.
Photo of Jeronimo

Jeronimo

  • 214 Posts
  • 23 Reply Likes

Posted 7 months ago

  • 1
Photo of Michael Brado

Michael Brado, Official Rep

  • 2347 Posts
  • 321 Reply Likes
Hello Jeronimo, Community,

    SZ 3.5.1 and 3.4.2 (latest native releases) install a .noarch.patch file.  If you have Zones
under 3.5.1 or 3.4.2 for versions 3.2.1 or 3.1.2, you install .ksp files.  Please see the descriptions
on the SZ firmware download pages. They have the exact filenames and extentions for your
reference.  SZ-100 and vSZ-E controllers need to be upgraded to 3.4.2 or 3.5.1 presently.

https://support.ruckuswireless.com/software/1481-smartzone-3-5-1-mr1-patch1-software-release-wpa2-kr...

https://support.ruckuswireless.com/software/1482-smartzone-3-4-2-mr2-patch2-software-release-wpa2-kr...

   Management has decided to create .noarch.patch files to directly upgrade systems that are
running 3.2.1 and 3.1.2 in native mode (such as SZ-100/vSZ-E) and ZD 9.7.2, and these should
come before the end of November.

Please follow current status information on our Ruckus KRACK Support Resource Center page.

https://support.ruckuswireless.com/krack-ruckus-wireless-support-resource-center
(Edited)
Photo of Michael Brado

Michael Brado, Official Rep

  • 2347 Posts
  • 321 Reply Likes
The Ruckus AP CLI scripts for SZ 3.1.2 - 3.5.1 will disable EAPOL retries, to protect wireless clients
that do not have WPA2 KRACK fix firmware upgrades.

https://support.ruckuswireless.com/software/1487-smartzone-3-1-2-3-5-1-software-release-ap-cli-scrip... 


Apple has released iOS 11.1 wich includes fixes for the KRACK vulnerabilities:  https://support.apple.com/en-us/HT208222


Available for: iPhone 7 and later, and iPad Pro 9.7-inch (early 2016) and later

Impact: An attacker in Wi-Fi range may force nonce reuse in WPA clients (Key Reinstallation Attacks - KRACK)

Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management.

CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven
(Edited)