Key management errors in hostapd (Alpine package)

1) Key management errors

EUVDB-ID: #VU8847

Risk: High

CVSSv4.0: 7.4 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]

CVE-ID: CVE-2017-13088

CWE-ID: CWE-320 - Key Management Errors

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to force a supplicant that is compliant with the 802.11v standard to reinstall a previously used integrity group key.

The weakness exists in the processing of the 802.11v (Wireless Network Management) Sleep Mode Response frames due to ambiguities in the processing of associated protocol messages. An adjacent attacker can passively eavesdrop and retransmit previously used WNM Sleep Mode Response frames.

Mitigation

Install update from vendor's website.

Vulnerable software versions

hostapd (Alpine package): 2.6-r0 - 2.6-r1

CPE2.3

• cpe:2.3:a:alpine:hostapd_alpine_package:2.6-r0:*:*:*:*:alpine_linux:*:3.4
• cpe:2.3:a:alpine:hostapd_alpine_package:2.6-r1:*:*:*:*:alpine_linux:*:3.5

External links

https://git.alpinelinux.org/aports/commit/?id=faf3d9eaa18b2d6671c4fcbe7175763df52b5b60
https://git.alpinelinux.org/aports/commit/?id=5d9b6ee36295e84a95a5f48e7d226f6f2da265a7
https://git.alpinelinux.org/aports/commit/?id=57cd67fa16df97115527b17820f127ef78598e94
https://git.alpinelinux.org/aports/commit/?id=a274bb496caede406362dbb9deecc5b6e9a6b1a2
https://git.alpinelinux.org/aports/commit/?id=02cd073e9970950f6a8d660f7a1616631dba33d9
https://git.alpinelinux.org/aports/commit/?id=d9700fde5211ea28dddaf8bc528e44b0dfac9245

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.