Diffstat (limited to 'share/security/advisories/FreeBSD-SA-18:11.hostapd.asc')
-rw-r--r--share/security/advisories/FreeBSD-SA-18:11.hostapd.asc159
1 files changed, 0 insertions, 159 deletions
diff --git a/share/security/advisories/FreeBSD-SA-18:11.hostapd.asc b/share/security/advisories/FreeBSD-SA-18:11.hostapd.asc
deleted file mode 100644
index 9aad35b17b..0000000000
--- a/share/security/advisories/FreeBSD-SA-18:11.hostapd.asc
+++ /dev/null
@@ -1,159 +0,0 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA512
-
-=============================================================================
-FreeBSD-SA-18:11.hostapd Security Advisory
- The FreeBSD Project
-
-Topic: Unauthenticated EAPOL-Key Decryption Vulnerability
-
-Category: contrib
-Module: wpa
-Announced: 2018-08-14
-Credits: Mathy Vanhoef of the imec-DistriNet research group of
- KU Leuven
-Affects: All supported versions of FreeBSD.
-Corrected: 2018-08-15 05:03:54 UTC (stable/11, 11.1-STABLE)
- 2018-08-15 02:30:11 UTC (releng/11.2, 11.2-RELEASE-p2)
- 2018-08-15 02:30:11 UTC (releng/11.1, 11.1-RELEASE-p13)
- 2018-08-15 05:05:02 UTC (stable/10, 10.4-STABLE)
- 2018-08-15 02:31:10 UTC (releng/10.4, 10.4-RELEASE-p11)
-CVE Name: CVE-2018-14526
-
-For general information regarding FreeBSD Security Advisories,
-including descriptions of the fields above, security branches, and the
-following sections, please visit <URL:https://security.FreeBSD.org/>.
-
-I. Background
-
-The wpa_supplicant(8) utility is a client (supplicant) with support for WPA
-and WPA2 (IEEE 802.11i / RSN). It is suitable for both desktop and laptop
-computers as well as embedded systems. Supplicant is the IEEE 802.1X/WPA
-component that is used in the client stations. It implements key negotiation
-with a WPA Authenticator and it controls the roaming and IEEE 802.11
-authentication/association of the wlan(4) driver.
-
-The wpa_supplicant(8) utility is designed to be a "daemon" program that runs
-in the background and acts as the backend component controlling the wireless
-connection. The wpa_supplicant(8) utility supports separate frontend programs
-and a text-based frontend (wpa_cli(8)) and a GUI (wpa_gui) are included with
-wpa_supplicant(8).
-
-II. Problem Description
-
-When using WPA2, EAPOL-Key frames with the Encrypted flag and without the MIC
-flag set, the data field was decrypted first without verifying the MIC. When
-the dta field was encrypted using RC4, for example, when negotiating TKIP as
-a pairwise cipher, the unauthenticated but decrypted data was subsequently
-processed. This opened wpa_supplicant(8) to abuse by decryption and recovery
-of sensitive information contained in EAPOL-Key messages.
-
-See https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt
-for a detailed description of the bug.
-
-III. Impact
-
-All users of the WPA2 TKIP pairwise cipher are vulnerable to information, for
-example, the group key.
-
-IV. Workaround
-
-Remove TKIP as an allowed pairwise cipher in RSN/WPA2 networks in
-wpa_supplicant.conf(5) by changing 'pairwise=CCMP TKIP' to 'pariwise=CCMP'.
-
-This can also be mitigated by removing TKIP as a cipher on the AP.
-
-Systems and users who do not use WPA2 TKIP are not affected.
-
-V. Solution
-
-Perform one of the following:
-
-1) Upgrade your vulnerable system to a supported FreeBSD stable or
-release / security branch (releng) dated after the correction date.
-
-2) To update your vulnerable system via a binary patch:
-
-Systems running a RELEASE version of FreeBSD on the i386 or amd64
-platforms can be updated via the freebsd-update(8) utility:
-
-# freebsd-update fetch
-# freebsd-update install
-
-3) To update your vulnerable system via a source code patch:
-
-The following patches have been verified to apply to the applicable
-FreeBSD release branches.
-
-a) Download the relevant patch from the location below, and verify the
-detached PGP signature using your PGP utility.
-
-[FreeBSD 11.x]
-# fetch https://security.FreeBSD.org/patches/SA-18:11/hostapd.patch
-# fetch https://security.FreeBSD.org/patches/SA-18:11/hostapd.patch.asc
-# gpg --verify hostapd.patch.asc
-
-[FreeBSD 10.4]
-# fetch https://security.FreeBSD.org/patches/SA-18:11/hostapd-10.patch
-# fetch https://security.FreeBSD.org/patches/SA-18:11/hostapd-10.patch.asc
-# gpg --verify hostapd-10.patch.asc
-
-b) Apply the patch. Execute the following commands as root:
-
-# cd /usr/src
-# patch < /path/to/patch
-
-c) Recompile the operating system using buildworld and installworld as
-described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
-
-Restart the applicable daemons, or reboot the system.
-
-VI. Correction details
-
-The following list contains the correction revision numbers for each
-affected branch.
-
-Branch/path Revision
-- -------------------------------------------------------------------------
-stable/10/ r337832
-releng/10.4/ r337829
-stable/11/ r337831
-releng/11.1/ r337828
-releng/11.2/ r337828
-- -------------------------------------------------------------------------
-
-To see which files were modified by a particular revision, run the
-following command, replacing NNNNNN with the revision number, on a
-machine with Subversion installed:
-
-# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
-
-Or visit the following URL, replacing NNNNNN with the revision number:
-
-<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
-
-VII. References
-
-<URL:https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt>
-
-<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14526>
-
-The latest revision of this advisory is available at
-<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-18:09.hostapd.asc>
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.2.9 (FreeBSD)
-
-iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAltztf8ACgkQ05eS9J6n
-5cJ2kRAAiuef2NM6sG/OJhjIi3zTNZRTmO2S7BcaD8w7RDmH0rp1XPzTRs8CyWxo
-zLfoubOwIucS1nQGHHYhwTYSXw7lFvGWbebuzhNcEUOc8a1TrpLlyinqF8KDgfNd
-RSkTR1OTF91BEjlYKjuIFKUZ6OxUCpgUrprneEyn5wV/0eLkRv3VNqUuAwkTqU/i
-X7pnFd2BXPpvKTatefpGjnYmo3j3oJSiQeXcPM9zgcm6n9ZD+KiC48vdvbZGmERt
-HsMzUy0Z+OehKMJ+RvemWTiEwEFO7BK/FFgGH8LAgrwd0xff2RDU7S0NeCd+p76g
-y98aUg0WF6RqHXU/xHeHpljHxzrWP3Msb56NqB+phFuEKvVoVimGL54P6/sBSbq+
-eACFcTUcf88MLry41zKBchSmekzSdzeV1S6kQGG74W7DfYY/UdF/4ves/eNqO13l
-J5PjjusPn5IS+IP1omA6imJNHoEUrKR4ZW6KXZEfF7NdtcLGRebrAGySdqD0jHPP
-23fkVQRmEL23fwtlONxNhvrF/oA09/oHS++MUEUxF6b6BRyq0sQ/aBXU5GpoI8VQ
-5nDcASCloson18oA91T125bwD1bt6yLeTaFWhRJj6eeEI5HcJchZ9m1kGflNxEO9
-vM6bvIEPmF1IcR304i1os2JMgWHOAtOKxlsZpnwGs9U0qJu9/nw=
-=34YE
------END PGP SIGNATURE-----
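Review bot: this hunk removes the whole signed advisory (`@@ -1,159 +0,0 @@`) with nothing added in its place, and the diff does not say where the text now lives. Since the advisory itself points readers at `https://security.FreeBSD.org/advisories/...` as the canonical location, the commit should state that the security.FreeBSD.org copy remains authoritative and that this tree copy is being dropped as a duplicate, otherwise anyone browsing this path loses the only copy they can find here. If the file is being relocated rather than dropped, carry over the defects visible in the removed text so they are fixed at the destination: the self-reference `<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-18:09.hostapd.asc>` names SA-18:09 while the header reads `FreeBSD-SA-18:11.hostapd`, the Problem Description has `dta field` for `data field`, and the Workaround has `'pariwise=CCMP'` for `'pairwise=CCMP'`. Any such correction changes the signed body, so the replacement copy must be re-signed rather than edited under the existing `-----BEGIN PGP SIGNATURE-----` block, which would otherwise fail verification.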