SB2017101621 - Key management errors in wpa_supplicant (Alpine package)
Published: October 16, 2017
Security Bulletin ID: SB2017101621
Severity: High
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Adjacent network
Highest impact: Code execution
Description
This security bulletin contains information about 1 security vulnerability.
1) Key management errors (CVE-ID: CVE-2017-13077)
The vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used pairwise key. The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=41b28e3b3b465fa8dab151dbe5e40975f014421b
- https://git.alpinelinux.org/aports/commit/?id=71e80d98081071b4d10324039fe65145316ec81c
- https://git.alpinelinux.org/aports/commit/?id=a39d043ea01e0fb7b6bde640d1d2e3fb90685a1e
- https://git.alpinelinux.org/aports/commit/?id=5d9b6ee36295e84a95a5f48e7d226f6f2da265a7
- https://git.alpinelinux.org/aports/commit/?id=7dca9d929a4605b561d5afe28d79acd759535281
- https://git.alpinelinux.org/aports/commit/?id=662ff3103b7273a29d47f90ac9e63cae39b4d000
- https://git.alpinelinux.org/aports/commit/?id=57cd67fa16df97115527b17820f127ef78598e94
- https://git.alpinelinux.org/aports/commit/?id=a274bb496caede406362dbb9deecc5b6e9a6b1a2
- https://git.alpinelinux.org/aports/commit/?id=02cd073e9970950f6a8d660f7a1616631dba33d9
- https://git.alpinelinux.org/aports/commit/?id=d9700fde5211ea28dddaf8bc528e44b0dfac9245