SB2017101624 - Key management errors in wpa_supplicant (Alpine package)
Published: October 16, 2017
Security Bulletin ID
SB2017101624
Severity
High
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Adjecent network
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Key management errors (CVE-ID: CVE-2017-13087)
The vulnerability allows an adjacent attacker to force a supplicant that is compliant with the 802.11v standard to reinstall a previously used group key.The weakness exists in the processing of the 802.11v (Wireless Network Management) Sleep Mode Response frames due to ambiguities in the processing of associated protocol messages. An adjacent attacker can passively eavesdrop and retransmit previously used WNM Sleep Mode Response frames.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=faf3d9eaa18b2d6671c4fcbe7175763df52b5b60
- https://git.alpinelinux.org/aports/commit/?id=5d9b6ee36295e84a95a5f48e7d226f6f2da265a7
- https://git.alpinelinux.org/aports/commit/?id=57cd67fa16df97115527b17820f127ef78598e94
- https://git.alpinelinux.org/aports/commit/?id=a274bb496caede406362dbb9deecc5b6e9a6b1a2
- https://git.alpinelinux.org/aports/commit/?id=02cd073e9970950f6a8d660f7a1616631dba33d9
- https://git.alpinelinux.org/aports/commit/?id=d9700fde5211ea28dddaf8bc528e44b0dfac9245