Key management errors in wpa_supplicant (Alpine package)

1) Key management errors

EUVDB-ID: #VU8842

Risk: High

CVSSv3.1: 8.6 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-13082

CWE-ID: CWE-320 - Key Management Errors

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used pairwise key.

The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.

Mitigation

Install update from vendor's website.

Vulnerable software versions

wpa_supplicant (Alpine package): 2.6-r1

External links

http://git.alpinelinux.org/aports/commit/?id=904e2d699295d64fe5097fc46a9c6719fe26dc7a
http://git.alpinelinux.org/aports/commit/?id=ef10b27afb6ce933891b3e0abf3f090f3e583900
http://git.alpinelinux.org/aports/commit/?id=5d9b6ee36295e84a95a5f48e7d226f6f2da265a7
http://git.alpinelinux.org/aports/commit/?id=7dca9d929a4605b561d5afe28d79acd759535281
http://git.alpinelinux.org/aports/commit/?id=57cd67fa16df97115527b17820f127ef78598e94
http://git.alpinelinux.org/aports/commit/?id=a274bb496caede406362dbb9deecc5b6e9a6b1a2
http://git.alpinelinux.org/aports/commit/?id=02cd073e9970950f6a8d660f7a1616631dba33d9
http://git.alpinelinux.org/aports/commit/?id=d9700fde5211ea28dddaf8bc528e44b0dfac9245

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.