Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
base: 1cdb903086f8
Choose a base ref
...
head repository: NixOS/nixpkgs
compare: 5450e23dd06e
Choose a head ref
  • 2 commits
  • 1 file changed
  • 2 contributors

Commits on Apr 25, 2020

  1. hostapd: apply patch for CVE-2019-16275 

    AP mode PMF disconnection protection bypass

Published: September 11, 2019
Identifiers:
- CVE-2019-16275
Latest version available from: https://w1.fi/security/2019-7/

Vulnerability

hostapd (and wpa_supplicant when controlling AP mode) did not perform
sufficient source address validation for some received Management frames
and this could result in ending up sending a frame that caused
associated stations to incorrectly believe they were disconnected from
the network even if management frame protection (also known as PMF) was
negotiated for the association. This could be considered to be a denial
of service vulnerability since PMF is supposed to protect from this type
of issues. It should be noted that if PMF is not enabled, there would be
no protocol level protection against this type of denial service
attacks.

An attacker in radio range of the access point could inject a specially
constructed unauthenticated IEEE 802.11 frame to the access point to
cause associated stations to be disconnected and require a reconnection
to the network.

Vulnerable versions/configurations

All hostapd and wpa_supplicants versions with PMF support
(CONFIG_IEEE80211W=y) and a runtime configuration enabled AP mode with
PMF being enabled (optional or required). In addition, this would be
applicable only when using user space based MLME/SME in AP mode, i.e.,
when hostapd (or wpa_supplicant when controlling AP mode) would process
authentication and association management frames. This condition would
be applicable mainly with drivers that use mac80211.

Possible mitigation steps

- Merge the following commit to wpa_supplicant/hostapd and rebuild:

  AP: Silently ignore management frame from unexpected source address

  This patch is available from https://w1.fi/security/2019-7/

- Update to wpa_supplicant/hostapd v2.10 or newer, once available

(cherry picked from commit 3e9f3a3)
    @mweinelt
    mweinelt committed Apr 25, 2020
    Copy the full SHA
    356c899 View commit details
    Browse the repository at this point in the history

  2. Merge pull request #86000 from mweinelt/20.03/hostapd/cve-2019-16275 

    [20.03] hostapd: apply patch for CVE-2019-16275
    @worldofpeace
    worldofpeace committed Apr 25, 2020
    Copy the full SHA
    5450e23 View commit details
    Browse the repository at this point in the history