Fedora 25 update for hostapd
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 10 |
| CVE-ID | CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13082 CVE-2017-13086 CVE-2017-13087 CVE-2017-13088 |
| CWE-ID | CWE-320 CWE-264 |
| Exploitation vector | Local network |
| Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. Public exploit code for vulnerability #3 is available. Public exploit code for vulnerability #5 is available. Public exploit code for vulnerability #6 is available. Public exploit code for vulnerability #7 is available. Public exploit code for vulnerability #8 is available. Public exploit code for vulnerability #9 is available. Public exploit code for vulnerability #10 is available. |
| Vulnerable software |
Fedora Operating systems & Components / Operating system hostapd Operating systems & Components / Operating system package or component |
| Vendor | Fedoraproject |
Security Bulletin
This security bulletin contains information about 10 vulnerabilities.
1) Key management errors
EUVDB-ID: #VU8837
Risk: High
CVSSv4.0: 7.4 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2017-13077
CWE-ID:
CWE-320 - Key Management Errors
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used pairwise key.
The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 25
hostapd: before 2.6-6.fc25
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2017-cfb950d8f4
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Key management errors
EUVDB-ID: #VU8838
Risk: High
CVSSv4.0: 7.4 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2017-13078
CWE-ID:
CWE-320 - Key Management Errors
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used group key.
The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 25
hostapd: before 2.6-6.fc25
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2017-cfb950d8f4
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
3) Key management errors
EUVDB-ID: #VU8839
Risk: High
CVSSv4.0: 7.4 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2017-13079
CWE-ID:
CWE-320 - Key Management Errors
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used integrity group key.
The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 25
hostapd: before 2.6-6.fc25
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2017-cfb950d8f4
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
4) Security restrictions bypass
EUVDB-ID: #VU9591
Risk: Low
CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-13080
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to write arbitrary files on the target system.
The weakness exists due to Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake. An adjacent attacker can replay frames from access points to clients.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 25
hostapd: before 2.6-6.fc25
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2017-cfb950d8f4
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Key management errors
EUVDB-ID: #VU8840
Risk: Medium
CVSSv4.0: 7.4 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2017-13080
CWE-ID:
CWE-320 - Key Management Errors
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used group key.
The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.
The vulnerability is dubbed "KRACK" attack.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 25
hostapd: before 2.6-6.fc25
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2017-cfb950d8f4
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
6) Key management errors
EUVDB-ID: #VU8841
Risk: High
CVSSv4.0: 7.4 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2017-13081
CWE-ID:
CWE-320 - Key Management Errors
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used integrity group key.
The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 25
hostapd: before 2.6-6.fc25
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2017-cfb950d8f4
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
7) Key management errors
EUVDB-ID: #VU8842
Risk: High
CVSSv4.0: 7.4 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2017-13082
CWE-ID:
CWE-320 - Key Management Errors
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used pairwise key.
The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 25
hostapd: before 2.6-6.fc25
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2017-cfb950d8f4
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
8) Key management errors
EUVDB-ID: #VU8845
Risk: High
CVSSv4.0: 7.4 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2017-13086
CWE-ID:
CWE-320 - Key Management Errors
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to force a supplicant that is compliant with the 802.11z standard to reinstall a previously used TPK key.
The weakness exists in the processing of the 802.11z (Extensions to Direct-Link Setup) TDLS handshake messages due to ambiguities in the processing of associated protocol messages. An adjacent attacker can passively eavesdrop on a TDLS handshake and retransmit previously used message exchanges between supplicant and authenticator.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 25
hostapd: before 2.6-6.fc25
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2017-cfb950d8f4
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
9) Key management errors
EUVDB-ID: #VU8846
Risk: High
CVSSv4.0: 7.4 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2017-13087
CWE-ID:
CWE-320 - Key Management Errors
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to force a supplicant that is compliant with the 802.11v standard to reinstall a previously used group key.
The weakness exists in the processing of the 802.11v (Wireless Network Management) Sleep Mode Response frames due to ambiguities in the processing of associated protocol messages. An adjacent attacker can passively eavesdrop and retransmit previously used WNM Sleep Mode Response frames.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 25
hostapd: before 2.6-6.fc25
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2017-cfb950d8f4
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
10) Key management errors
EUVDB-ID: #VU8847
Risk: High
CVSSv4.0: 7.4 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2017-13088
CWE-ID:
CWE-320 - Key Management Errors
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to force a supplicant that is compliant with the 802.11v standard to reinstall a previously used integrity group key.
The weakness exists in the processing of the 802.11v (Wireless Network Management) Sleep Mode Response frames due to ambiguities in the processing of associated protocol messages. An adjacent attacker can passively eavesdrop and retransmit previously used WNM Sleep Mode Response frames.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 25
hostapd: before 2.6-6.fc25
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2017-cfb950d8f4
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
