Commits on Apr 25, 2020

1. hostapd: apply patch for CVE-2019-16275 …

   AP mode PMF disconnection protection bypass
   
   Published: September 11, 2019
   Identifiers:
   - CVE-2019-16275
   Latest version available from: https://w1.fi/security/2019-7/
   
   Vulnerability
   
   hostapd (and wpa_supplicant when controlling AP mode) did not perform
   sufficient source address validation for some received Management frames
   and this could result in ending up sending a frame that caused
   associated stations to incorrectly believe they were disconnected from
   the network even if management frame protection (also known as PMF) was
   negotiated for the association. This could be considered to be a denial
   of service vulnerability since PMF is supposed to protect from this type
   of issues. It should be noted that if PMF is not enabled, there would be
   no protocol level protection against this type of denial service
   attacks.
   
   An attacker in radio range of the access point could inject a specially
   constructed unauthenticated IEEE 802.11 frame to the access point to
   cause associated stations to be disconnected and require a reconnection
   to the network.
   
   Vulnerable versions/configurations
   
   All hostapd and wpa_supplicants versions with PMF support
   (CONFIG_IEEE80211W=y) and a runtime configuration enabled AP mode with
   PMF being enabled (optional or required). In addition, this would be
   applicable only when using user space based MLME/SME in AP mode, i.e.,
   when hostapd (or wpa_supplicant when controlling AP mode) would process
   authentication and association management frames. This condition would
   be applicable mainly with drivers that use mac80211.
   
   Possible mitigation steps
   
   - Merge the following commit to wpa_supplicant/hostapd and rebuild:
   
     AP: Silently ignore management frame from unexpected source address
   
     This patch is available from https://w1.fi/security/2019-7/
   
   - Update to wpa_supplicant/hostapd v2.10 or newer, once available
   
   (cherry picked from commit 3e9f3a3)

   

   mweinelt committed Apr 25, 2020
   Unverified

   Unverified

   This commit is not signed, but one or more authors requires that any commit attributed to them is signed.

   Learn about vigilant mode

   Configuration menu

   • View commit details
   • Copy full SHA for 356c899
   • Browse repository at this point

   Copy the full SHA

   356c899 View commit details

   Browse the repository at this point in the history

2. Merge pull request #86000 from mweinelt/20.03/hostapd/cve-2019-16275 …

   [20.03] hostapd: apply patch for CVE-2019-16275

   

   worldofpeace authored Apr 25, 2020
   Verified

   Verified

   This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.

   GPG key ID: 4AEE18F83AFDEB23

   Expired

   Verified

   Learn about vigilant mode

   Configuration menu

   • View commit details
   • Copy full SHA for 5450e23
   • Browse repository at this point

   Copy the full SHA

   5450e23 View commit details

   Browse the repository at this point in the history