Denial of service in wpa_supplicant

Published: 2018-08-09 09:47:01
Severity: Low
Patch available: NO
Number of vulnerabilities: 1
CVE ID: CVE-2018-14526
CVSSv3: 6.9 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:U/RC:C]
CWE ID: CWE-20
Exploitation vector: Network
Public exploit: Not available
Vulnerable software: wpa_supplicant
Vulnerable software versions: wpa_supplicant 2.6, wpa_supplicant 2.5, wpa_supplicant 2.4.0
Vendor: Jouni Malinen

Security Advisory

1) Improper input validation

Description

The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on the target system.

The vulnerability exists on systems where the WPA2/RSN style of EAPOL-Key construction is used with TKIP negotiated as the pairwise cipher, and is due to an error when processing malicious input. A remote attacker can send specially crafted unauthenticated EAPOL-Key frame data to modify the Group Transient Key (GTK) and prevent the target system from accepting group-addressed frames.

Remediation

The vendor offers possible mitigation steps:

- Remove TKIP as an allowed pairwise cipher in RSN/WPA2 networks. This can also be done on the AP side.

- Merge the following commits to wpa_supplicant and rebuild:

WPA: Ignore unauthenticated encrypted EAPOL-Key data

- Update to wpa_supplicant v2.7 or newer, once available.
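
One way to check a client for the first mitigation (an added example, not part of the vendor advisory or of wpa_supplicant): the script scans wpa_supplicant.conf text for network blocks that can still negotiate RSN/WPA2 with TKIP as the pairwise cipher. It assumes the documented defaults for omitted options (proto "WPA RSN", pairwise "CCMP TKIP"); the function names and the sample configuration are constructed for illustration.

```python
import re

# Defaults from the wpa_supplicant.conf reference (assumed for the affected
# releases): an option omitted from a network block falls back to these.
DEFAULTS = {"proto": "WPA RSN", "pairwise": "CCMP TKIP", "key_mgmt": "WPA-PSK IEEE8021X"}

def parse_networks(conf_text):
    """Return one {option: value} dict per network={...} block."""
    networks, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if re.fullmatch(r"network\s*=\s*\{", line):
            current = {}
        elif line == "}" and current is not None:
            networks.append(current)
            current = None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return networks

def allows_rsn_tkip(net):
    """True if the block can negotiate RSN/WPA2 with TKIP as pairwise cipher."""
    def opt(name):
        return set(net.get(name, DEFAULTS[name]).upper().split())
    uses_wpa = bool(opt("key_mgmt") - {"NONE", "IEEE8021X"})
    return uses_wpa and bool(opt("proto") & {"RSN", "WPA2"}) and "TKIP" in opt("pairwise")

def audit(conf_text):
    """Return the ssid of every network block that still allows RSN + TKIP."""
    return [n.get("ssid", "<no ssid>").strip('"')
            for n in parse_networks(conf_text) if allows_rsn_tkip(n)]

# Constructed sample configuration (not taken from the advisory; psk omitted).
SAMPLE_CONF = """
network={
    ssid="office-default"
}
network={
    ssid="office-ccmp"
    proto=RSN
    pairwise=CCMP
}
"""

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

A flagged block is brought in line with the mitigation by setting pairwise=CCMP in that network block; a WPA-only (proto=WPA) block is not flagged because the advisory scopes the issue to the WPA2/RSN style of EAPOL-Key construction.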

External links

http://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt
