SB2017101619 - Key management errors in wpa_supplicant (Alpine package)
Published: October 16, 2017
Security Bulletin ID: SB2017101619
Severity: High
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Adjacent network
Highest impact: Code execution
Description
This security bulletin contains information about 1 security vulnerability.
1) Key management errors (CVE-ID: CVE-2017-13082)
The vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used pairwise key. The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=904e2d699295d64fe5097fc46a9c6719fe26dc7a
- https://git.alpinelinux.org/aports/commit/?id=ef10b27afb6ce933891b3e0abf3f090f3e583900
- https://git.alpinelinux.org/aports/commit/?id=5d9b6ee36295e84a95a5f48e7d226f6f2da265a7
- https://git.alpinelinux.org/aports/commit/?id=7dca9d929a4605b561d5afe28d79acd759535281
- https://git.alpinelinux.org/aports/commit/?id=57cd67fa16df97115527b17820f127ef78598e94
- https://git.alpinelinux.org/aports/commit/?id=a274bb496caede406362dbb9deecc5b6e9a6b1a2
- https://git.alpinelinux.org/aports/commit/?id=02cd073e9970950f6a8d660f7a1616631dba33d9
- https://git.alpinelinux.org/aports/commit/?id=d9700fde5211ea28dddaf8bc528e44b0dfac9245