Ubuntu update for wpa_supplicant and hostapd
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 11 |
| CVE-ID | CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13082 CVE-2017-13086 CVE-2017-13087 CVE-2017-13088 CVE-2016-4476 CVE-2016-4477 |
| CWE-ID | CWE-320 CWE-88 |
| Exploitation vector | Local network |
| Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. Public exploit code for vulnerability #3 is available. Public exploit code for vulnerability #4 is available. Public exploit code for vulnerability #5 is available. Public exploit code for vulnerability #6 is available. Public exploit code for vulnerability #7 is available. Public exploit code for vulnerability #8 is available. Public exploit code for vulnerability #9 is available. |
| Vulnerable software Subscribe |
Ubuntu Operating systems & Components / Operating system |
| Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 11 vulnerabilities.
1) Key management errors
EUVDB-ID: #VU8837
Risk: High
CVSSv3.1: 9.1 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C]
CVE-ID: CVE-2017-13077
CWE-ID:
CWE-320 - Key Management Errors
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used pairwise key.
The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.
Update the affected packages
Ubuntu: 14.04 - 17.04
External linkshttp://www.ubuntu.com/usn/usn-3455-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Key management errors
EUVDB-ID: #VU8838
Risk: High
CVSSv3.1: 9.1 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C]
CVE-ID: CVE-2017-13078
CWE-ID:
CWE-320 - Key Management Errors
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used group key.
The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.
Update the affected packages
Ubuntu: 14.04 - 17.04
External linkshttp://www.ubuntu.com/usn/usn-3455-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
3) Key management errors
EUVDB-ID: #VU8839
Risk: High
CVSSv3.1: 9.1 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C]
CVE-ID: CVE-2017-13079
CWE-ID:
CWE-320 - Key Management Errors
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used integrity group key.
The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.
Update the affected packages
Ubuntu: 14.04 - 17.04
External linkshttp://www.ubuntu.com/usn/usn-3455-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
4) Key management errors
EUVDB-ID: #VU8840
Risk: Medium
CVSSv3.1: 9.1 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C]
CVE-ID: CVE-2017-13080
CWE-ID:
CWE-320 - Key Management Errors
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used group key.
The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.
The vulnerability is dubbed "KRACK" attack.
Update the affected packages
Ubuntu: 14.04 - 17.04
External linkshttp://www.ubuntu.com/usn/usn-3455-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
5) Key management errors
EUVDB-ID: #VU8841
Risk: High
CVSSv3.1: 9.1 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C]
CVE-ID: CVE-2017-13081
CWE-ID:
CWE-320 - Key Management Errors
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used integrity group key.
The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.
Update the affected packages
Ubuntu: 14.04 - 17.04
External linkshttp://www.ubuntu.com/usn/usn-3455-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
6) Key management errors
EUVDB-ID: #VU8842
Risk: High
CVSSv3.1: 9.1 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C]
CVE-ID: CVE-2017-13082
CWE-ID:
CWE-320 - Key Management Errors
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used pairwise key.
The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.
Update the affected packages
Ubuntu: 14.04 - 17.04
External linkshttp://www.ubuntu.com/usn/usn-3455-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
7) Key management errors
EUVDB-ID: #VU8845
Risk: High
CVSSv3.1: 9.1 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C]
CVE-ID: CVE-2017-13086
CWE-ID:
CWE-320 - Key Management Errors
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to force a supplicant that is compliant with the 802.11z standard to reinstall a previously used TPK key.
The weakness exists in the processing of the 802.11z (Extensions to Direct-Link Setup) TDLS handshake messages due to ambiguities in the processing of associated protocol messages. An adjacent attacker can passively eavesdrop on a TDLS handshake and retransmit previously used message exchanges between supplicant and authenticator.
Update the affected packages
Ubuntu: 14.04 - 17.04
External linkshttp://www.ubuntu.com/usn/usn-3455-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
8) Key management errors
EUVDB-ID: #VU8846
Risk: High
CVSSv3.1: 9.1 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C]
CVE-ID: CVE-2017-13087
CWE-ID:
CWE-320 - Key Management Errors
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to force a supplicant that is compliant with the 802.11v standard to reinstall a previously used group key.
The weakness exists in the processing of the 802.11v (Wireless Network Management) Sleep Mode Response frames due to ambiguities in the processing of associated protocol messages. An adjacent attacker can passively eavesdrop and retransmit previously used WNM Sleep Mode Response frames.
Update the affected packages
Ubuntu: 14.04 - 17.04
External linkshttp://www.ubuntu.com/usn/usn-3455-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
9) Key management errors
EUVDB-ID: #VU8847
Risk: High
CVSSv3.1: 9.1 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C]
CVE-ID: CVE-2017-13088
CWE-ID:
CWE-320 - Key Management Errors
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to force a supplicant that is compliant with the 802.11v standard to reinstall a previously used integrity group key.
The weakness exists in the processing of the 802.11v (Wireless Network Management) Sleep Mode Response frames due to ambiguities in the processing of associated protocol messages. An adjacent attacker can passively eavesdrop and retransmit previously used WNM Sleep Mode Response frames.
Update the affected packages
Ubuntu: 14.04 - 17.04
External linkshttp://www.ubuntu.com/usn/usn-3455-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
10) Denial of service
EUVDB-ID: #VU832
Risk: Low
CVSSv3.1: 5.2 [CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-4476
CWE-ID:
CWE-88 - Argument Injection or Modification
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated user to cause DoS conditions on the target system.
The weakness is due to improper writing of configuration file update for the WPA/WPA2 passphrase parameter. If the parameter is updated through a WPS operation or local configuration, the resulting configuration file leads to interruption of the hostapd and wpa supplicant functionality.
Successful exploitation of the vulnerability results in denial of service on the vulnerable system.
Update the affected packages
Ubuntu: 14.04 - 17.04
External linkshttp://www.ubuntu.com/usn/usn-3455-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Privilege Escalation
EUVDB-ID: #VU833
Risk: Low
CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-4477
CWE-ID:
CWE-88 - Argument Injection or Modification
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain elevated privileges on the target system.
The weakness exists due to access control error. Updating of the local configuration through the control interface
SET_NETWORK command lets attackers to run code from a localy strored library file under the same privileges as the wpa _supplicant process has.
Successful exploitation of the vulnerability results in privilege escalation on the vulnerable system.
Update the affected packages
Ubuntu: 14.04 - 17.04
External linkshttp://www.ubuntu.com/usn/usn-3455-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
