openwrt/package/network/services/hostapd/patches
John Crispin 433c94f296 wpa_supplicant: fix CVE-2018-14526
Unauthenticated EAPOL-Key decryption in wpa_supplicant

Published: August 8, 2018
Identifiers:
- CVE-2018-14526
Latest version available from: https://w1.fi/security/2018-1/

Vulnerability

A vulnerability was found in how wpa_supplicant processes EAPOL-Key
frames. It is possible for an attacker to modify the frame in a way that
makes wpa_supplicant decrypt the Key Data field without requiring a
valid MIC value in the frame, i.e., without the frame being
authenticated. This has a potential issue in the case where WPA2/RSN
style of EAPOL-Key construction is used with TKIP negotiated as the
pairwise cipher. It should be noted that WPA2 is not supposed to be used
with TKIP as the pairwise cipher. Instead, CCMP is expected to be used
and with that pairwise cipher, this vulnerability is not applicable in
practice.

When TKIP is negotiated as the pairwise cipher, the EAPOL-Key Key Data
field is encrypted using RC4. This vulnerability allows unauthenticated
EAPOL-Key frames to be processed and due to the RC4 design, this makes
it possible for an attacker to modify the plaintext version of the Key
Data field with bitwise XOR operations without knowing the contents.
This can be used to cause a denial of service attack by modifying
GTK/IGTK on the station (without the attacker learning any of the keys)
which would prevent the station from accepting received group-addressed
frames. Furthermore, this might be abused by making wpa_supplicant act
as a decryption oracle to try to recover some of the Key Data payload
(GTK/IGTK) to get knowledge of the group encryption keys.

Full recovery of the group encryption keys requires multiple attempts
(128 connection attempts per octet) and each attempt results in
disconnection due to a failure to complete the 4-way handshake. These
failures can result in the AP/network getting disabled temporarily or
even permanently (requiring user action to re-enable) which may make it
impractical to perform the attack to recover the keys before the AP has
already changes the group keys. By default, wpa_supplicant is enforcing
at minimum a ten second wait time between each failed connection
attempt, i.e., over 20 minutes waiting to recover each octet while
hostapd AP implementation uses 10 minute default for GTK rekeying when
using TKIP. With such timing behavior, practical attack would need large
number of impacted stations to be trying to connect to the same AP to be
able to recover sufficient information from the GTK to be able to
determine the key before it gets changed.

Vulnerable versions/configurations

All wpa_supplicant versions.

Acknowledgments

Thanks to Mathy Vanhoef of the imec-DistriNet research group of KU
Leuven for discovering and reporting this issue.

Possible mitigation steps

- Remove TKIP as an allowed pairwise cipher in RSN/WPA2 networks. This
can be done also on the AP side.

- Merge the following commits to wpa_supplicant and rebuild:

WPA: Ignore unauthenticated encrypted EAPOL-Key data

This patch is available from https://w1.fi/security/2018-1/

- Update to wpa_supplicant v2.7 or newer, once available

Signed-off-by: John Crispin <john@phrozen.org>
(cherry picked from commit 1961948585)
2018-08-10 15:51:24 +02:00
..
020-mesh-properly-handle-sae_password.patch hostapd: fix mesh+AP 2018-05-14 09:48:58 +02:00
021-mesh-make-forwarding-configurable.patch hostapd: fix mesh+AP 2018-05-14 09:48:58 +02:00
022-mesh-fix-crash-with-CONFIG_TAXONOMY-enabled.patch hostapd: fix a mesh mode crash with CONFIG_TAXONOMY enabled 2018-05-03 12:38:33 +02:00
030-rsn_supp-fix-stub-pmksa_cache.patch hostapd: fix mesh+AP 2018-05-14 09:48:58 +02:00
031-mesh-add-VHT_CHANWIDTH_USE_HT-to-max_oper_chwidth.patch hostapd: fix mesh+AP 2018-05-14 09:48:58 +02:00
032-mesh-implement-use-of-VHT20-config-in-mesh-mode.patch hostapd: fix mesh+AP 2018-05-14 09:48:58 +02:00
033-mesh-fix-parsing-of-max_oper_chwidth.patch hostapd: fix VHT80 for encrypted mesh channel settings 2018-05-14 19:07:37 +02:00
100-daemonize_fix.patch hostapd: update to version 2017-08-24 2017-10-07 05:46:04 +03:00
110-no_eapol_fix.patch hostapd: update to git snapshot of 2018-03-26 2018-03-27 19:25:32 +02:00
120-disable_bridge_packet_workaround.patch hostapd: update to git snapshot of 2018-04-09 2018-04-13 03:27:01 +02:00
200-multicall.patch hostapd: fix mesh+AP 2018-05-14 09:48:58 +02:00
300-noscan.patch hostapd: fix mesh+AP 2018-05-14 09:48:58 +02:00
301-mesh-noscan.patch hostapd: fix mesh+AP 2018-05-14 09:48:58 +02:00
310-rescan_immediately.patch hostapd: fix mesh+AP 2018-05-14 09:48:58 +02:00
320-optional_rfkill.patch hostapd: update to version 2016-12-15 2016-12-20 16:24:21 +01:00
330-nl80211_fix_set_freq.patch hostapd: update to git snapshot of 2018-04-09 2018-04-13 03:27:01 +02:00
340-reload_freq_change.patch hostapd: update to git snapshot of 2018-04-09 2018-04-13 03:27:01 +02:00
350-nl80211_del_beacon_bss.patch hostapd: update to git snapshot of 2018-04-09 2018-04-13 03:27:01 +02:00
360-ctrl_iface_reload.patch hostapd: update to git snapshot of 2018-03-26 2018-03-27 19:25:32 +02:00
370-ap_sta_support.patch hostapd: fix mesh+AP 2018-05-14 09:48:58 +02:00
380-disable_ctrl_iface_mib.patch hostapd: update to git snapshot of 2018-04-09 2018-04-13 03:27:01 +02:00
390-wpa_ie_cap_workaround.patch hostapd: update to git snapshot of 2018-04-09 2018-04-13 03:27:01 +02:00
400-wps_single_auth_enc_type.patch hostapd: update to git snapshot of 2018-03-26 2018-03-27 19:25:32 +02:00
410-limit_debug_messages.patch hostapd: backport support for sending debug messages to the syslog 2017-01-30 06:52:02 +01:00
420-indicate-features.patch hostapd: update to git snapshot of 2018-03-26 2018-03-27 19:25:32 +02:00
430-hostapd_cli_ifdef.patch hostapd: update to git snapshot of 2018-03-26 2018-03-27 19:25:32 +02:00
431-wpa_cli_ifdef.patch hostapd: update to version 2016-09-05 2016-09-08 15:28:38 +02:00
432-missing-typedef.patch hostapd: fix compilation error in wext backend 2016-06-15 19:10:32 +02:00
450-scan_wait.patch hostapd: update to git snapshot of 2018-03-26 2018-03-27 19:25:32 +02:00
460-wpa_supplicant-add-new-config-params-to-be-used-with.patch hostapd: fix mesh+AP 2018-05-14 09:48:58 +02:00
461-driver_nl80211-use-new-parameters-during-ibss-join.patch hostapd: update to git snapshot of 2018-04-09 2018-04-13 03:27:01 +02:00
463-add-mcast_rate-to-11s.patch hostapd: fix mesh+AP 2018-05-14 09:48:58 +02:00
464-fix-mesh-obss-check.patch hostapd: fix mesh+AP 2018-05-14 09:48:58 +02:00
470-survey_data_fallback.patch hostapd: update to version 2017-08-24 2017-10-07 05:46:04 +03:00
600-ubus_support.patch hostapd: update to git snapshot of 2018-04-09 2018-04-13 03:27:01 +02:00
0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch wpa_supplicant: fix CVE-2018-14526 2018-08-10 15:51:24 +02:00
0101-mesh-factor-out-mesh-join-function.patch hostapd: update to git snapshot of 2018-04-09 2018-04-13 03:27:01 +02:00
0102-mesh-factor-out-rsn-initialization.patch hostapd: update to git snapshot of 2018-04-09 2018-04-13 03:27:01 +02:00
0103-mesh-relocate-RSN-init-function.patch hostapd: update to git snapshot of 2018-04-09 2018-04-13 03:27:01 +02:00
0104-mesh-use-setup-completion-callback-to-complete-mesh-.patch hostapd: update to git snapshot of 2018-04-09 2018-04-13 03:27:01 +02:00
0105-mesh-reflect-country-setting-to-mesh-configuration.patch hostapd: update to git snapshot of 2018-04-09 2018-04-13 03:27:01 +02:00
0106-mesh-inform-kernel-driver-DFS-handler-in-userspace.patch hostapd: update to git snapshot of 2018-04-09 2018-04-13 03:27:01 +02:00
0107-mesh-apply-channel-attributes-before-running-Mesh.patch hostapd: update to git snapshot of 2018-04-09 2018-04-13 03:27:01 +02:00
0108-mesh-set-interface-type-to-mesh-before-setting-inter.patch hostapd: update to git snapshot of 2018-04-09 2018-04-13 03:27:01 +02:00
0109-mesh-set-mesh-center-frequency.patch hostapd: update to git snapshot of 2018-04-09 2018-04-13 03:27:01 +02:00
0110-mesh-consider-mesh-interface-on-dfs-event-handler.patch hostapd: update to git snapshot of 2018-04-09 2018-04-13 03:27:01 +02:00
0111-mesh-Allow-DFS-channels-to-be-selected-if-dfs-is-ena.patch hostapd: update to git snapshot of 2018-04-09 2018-04-13 03:27:01 +02:00
0112-mesh-allow-mesh-to-send-channel-switch-request.patch hostapd: update to git snapshot of 2018-04-09 2018-04-13 03:27:01 +02:00
0113-mesh-do-not-allow-pri-sec-channel-switch.patch hostapd: update to git snapshot of 2018-04-09 2018-04-13 03:27:01 +02:00
0114-mesh-do-not-allow-scan-result-to-swap-pri-sec.patch hostapd: update to git snapshot of 2018-04-09 2018-04-13 03:27:01 +02:00
0115-mesh-do-not-use-offchan-mgmt-tx-on-DFS.patch hostapd: update to git snapshot of 2018-04-09 2018-04-13 03:27:01 +02:00