Commit graph

28 commits

Author SHA1 Message Date
Martin Weinelt
3e9f3a3ebd
hostapd: apply patch for CVE-2019-16275
AP mode PMF disconnection protection bypass

Published: September 11, 2019
Identifiers:
- CVE-2019-16275
Latest version available from: https://w1.fi/security/2019-7/

Vulnerability

hostapd (and wpa_supplicant when controlling AP mode) did not perform
sufficient source address validation for some received Management frames
and this could result in ending up sending a frame that caused
associated stations to incorrectly believe they were disconnected from
the network even if management frame protection (also known as PMF) was
negotiated for the association. This could be considered to be a denial
of service vulnerability since PMF is supposed to protect from this type
of issue. It should be noted that if PMF is not enabled, there would be
no protocol level protection against this type of denial of service
attack.

An attacker in radio range of the access point could inject a specially
constructed unauthenticated IEEE 802.11 frame to the access point to
cause associated stations to be disconnected and require a reconnection
to the network.

Vulnerable versions/configurations

All hostapd and wpa_supplicant versions with PMF support
(CONFIG_IEEE80211W=y) and a runtime configuration enabled AP mode with
PMF being enabled (optional or required). In addition, this would be
applicable only when using user space based MLME/SME in AP mode, i.e.,
when hostapd (or wpa_supplicant when controlling AP mode) would process
authentication and association management frames. This condition would
be applicable mainly with drivers that use mac80211.

Possible mitigation steps

- Merge the following commit to wpa_supplicant/hostapd and rebuild:

  AP: Silently ignore management frame from unexpected source address

  This patch is available from https://w1.fi/security/2019-7/

- Update to wpa_supplicant/hostapd v2.10 or newer, once available
2020-04-25 14:35:20 +02:00
Michael Reilly
84cf00f980
treewide: Per RFC45, remove all unquoted URLs 2020-04-10 17:54:53 +01:00
Florian Klink
c36b8c57c2
Merge pull request #75140 from tomfitzhenry/hostapd-getrandom
hostapd: use getrandom(2)
2019-12-07 23:01:06 +01:00
Félix Baylac-Jacqué
abc9b32fc6 hostapd: 2.8 -> 2.9
Associated release note:
https://w1.fi/security/2019-6/sae-eap-pwd-side-channel-attack-update.txt

Note: we are building hostapd with the CONFIG_EAP_PWD=y flag by
default, we might be impacted by an EAP_PWD side-channel attack on
hostapd 2.8.
2019-12-07 12:02:10 +01:00
Tom Fitzhenry
fd1c0db18c hostapd: use getrandom(2)
Motivation: Devices with few entropy sources on boot hang/block if many services try to
read from /dev/random.

https://w1.fi/cgit/hostap/commit/?id=89a7cdd690b48a0c56380cf4609442ed13527f44
states getrandom() is recommended, but not enabled by default since it
relies on:

* Linux kernel 3.17 (NixOS 19.09 has 4.19; master presumably later)
* glibc 2.25 (NixOS master has 2.27
  https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/libraries/glibc/common.nix#L37 )
2019-12-07 19:31:35 +11:00
c0bw3b
9367367dfd Treewide: fix URL permanent redirects
Permanent redirects on homepages and/or source URLs
as reported by Repology
2019-11-16 01:41:23 +01:00
volth
46420bbaa3 treewide: name -> pname (easy cases) (#66585)
treewide replacement of

stdenv.mkDerivation rec {
  name = "*-${version}";
  version = "*";

to pname
2019-08-15 13:41:18 +01:00
Florian Klink
1e5a8f9dd7 hostapd: remove global with stdenv.lib 2019-06-26 09:26:29 +02:00
Félix Baylac-Jacqué
f3b94dee34
hostapd: fix hostapd noscan patch url.
Something somehow went wrong in #63699; some adjustments made after the
review have been discarded :/
2019-06-26 08:20:39 +02:00
Félix Baylac-Jacqué
98deb87354
hostapd: Add noscan mode.
Applies OpenWRT's noscan patch to hostapd and the relevant option to
the hostapd module.

This noscan patch adds a new `noscan` option allowing us to create
some overlapping BSSs in HT40+/- mode.

Note: this option is disabled by default, we leave this up to the end
user whether it should be enabled or not.

Not being able to create those overlapping BSSs is basically
preventing us from using 802.11n in any urban area where chances to
overlap with another SSID are extremely high.

The patch we are using is a courtesy of the openwrt team and is
applied to the default hostapd package in both OpenWRT and Archlinux.
2019-06-24 00:26:20 +02:00
Will Dietz
bc069315cb hostapd: 2.7 -> 2.8 2019-04-22 15:25:06 -05:00
Clemens Fruhwirth
3e7af59243 hostapd: 2.6 -> 2.7 2019-02-20 10:48:00 +01:00
Jörg Thalheim
b5c1deca8a
treewide: remove wkennington as maintainer
He prefers to contribute to his own nixpkgs fork triton.
Since he is still marked as maintainer in many packages
this leaves the wrong impression he still maintains those.
2019-01-26 10:05:32 +00:00
Robin Gloster
04a2885dbf
hostapd: install man pages 2018-05-22 14:30:54 +02:00
Graham Christensen
629965a532
hostapd: patch for KRACKAttack
CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake.
CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake.
CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way handshake.
CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake.
CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake.
CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.
CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake.
CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake.
CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
2017-10-16 07:33:43 -04:00
Maximilian Güntner
daf07c9d62
hostapd/wpa_supplicant: update urls 2017-09-17 13:46:11 +02:00
Matthew Robbetts
b9418091f4 hostapd: libressl patches. 2017-02-25 10:15:53 +01:00
Robin Gloster
df58ed2f13
hostapd: 2.5 -> 2.6 2017-02-17 00:11:37 +01:00
Franz Pletz
2fa9bd5059 hostapd: add patch to fix build with libressl
Fixes #17315.
2016-07-29 12:03:08 +02:00
Matthew Robbetts
e434ce8f49 hostapd: 2.4 -> v2.5, fixes #17164 2016-07-23 00:56:53 +02:00
William A. Kennington III
076dff2f58 hostapd: Refactoring 2015-04-24 15:12:55 -07:00
William A. Kennington III
09ca343089 hostapd: 2.3 -> 2.4 2015-03-26 12:30:51 -07:00
Michael Raskin
1602f9b90a Update hostapd 2014-10-12 12:34:16 +04:00
Evgeny Egorochkin
9f957d054f hostapd: update from 2.0 to 2.1 2014-04-03 07:05:07 +03:00
Krofek
2b6c07f5a8 hostapd update: 1.0 -> 2.0 2013-09-16 23:06:51 +02:00
Jack Cummings
3ac299934d enable 802.11n by default. 2013-03-11 02:31:51 -07:00
Mathijs Kwik
3de1a56a73 hostapd: upgrade to 1.0 2012-09-09 13:04:14 +02:00
Evgeny Egorochkin
e873eebeb6 hostapd: packaged.
svn path=/nixpkgs/trunk/; revision=27501
2011-06-19 23:30:57 +00:00