]> git.ipfire.org Git - people/pmueller/ipfire-2.x.git/commit
projects / people / pmueller / ipfire-2.x.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a54350c) | patch
KRACK attack: Patch wpa_supplicant & hostapd
authorMichael Tremer <michael.tremer@ipfire.org>
Mon, 16 Oct 2017 14:49:35 +0000 (15:49 +0100)
committerMichael Tremer <michael.tremer@ipfire.org>
Mon, 16 Oct 2017 14:49:35 +0000 (15:49 +0100)
commitd7d5774529358c4ccbfc841f7ac1726d384a6bc9
tree078b7b19f3a5952332bd2dbc185aa84b4ad89979tree | snapshot
parenta54350cdb9d56691644486a49b7e5b7594d8d504commit | diff
KRACK attack: Patch wpa_supplicant & hostapd

A vulnerability was found in how a number of implementations can be
triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by
replaying a specific frame that is used to manage the keys. Such
reinstallation of the encryption key can result in two different types
of vulnerabilities: disabling replay protection and significantly
reducing the security of encryption to the point of allowing frames to
be decrypted or some parts of the keys to be determined by an attacker
depending on which cipher is used.

This fixes: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079,
  CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086,
  CVE-2017-13087, CVE-2017-13088

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
18 files changed:
lfs/hostapd diff | blob | blame | history
lfs/wpa_supplicant diff | blob | blame | history
src/patches/wpa_supplicant/0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch [new file with mode: 0644] blob
src/patches/wpa_supplicant/0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch [new file with mode: 0644] blob
src/patches/wpa_supplicant/0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch [new file with mode: 0644] blob
src/patches/wpa_supplicant/0004-Prevent-installation-of-an-all-zero-TK.patch [new file with mode: 0644] blob
src/patches/wpa_supplicant/0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch [new file with mode: 0644] blob
src/patches/wpa_supplicant/0006-TDLS-Reject-TPK-TK-reconfiguration.patch [new file with mode: 0644] blob
src/patches/wpa_supplicant/0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch [new file with mode: 0644] blob
src/patches/wpa_supplicant/0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch [new file with mode: 0644] blob
src/patches/wpa_supplicant/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch [new file with mode: 0644] blob
src/patches/wpa_supplicant/rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch [new file with mode: 0644] blob
src/patches/wpa_supplicant/rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch [new file with mode: 0644] blob
src/patches/wpa_supplicant/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch [new file with mode: 0644] blob
src/patches/wpa_supplicant/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch [new file with mode: 0644] blob
src/patches/wpa_supplicant/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch [new file with mode: 0644] blob
src/patches/wpa_supplicant/rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch [new file with mode: 0644] blob
src/patches/wpa_supplicant/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch [new file with mode: 0644] blob
Peter's tree of IPFire 2.x