lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Thu, 20 Apr 2017 15:38:09 -0400 (EDT)
From:   David Miller <davem@...emloft.net>
To:     johannes@...solutions.net
Cc:     netdev@...r.kernel.org, linux-wireless@...r.kernel.org,
        johannes.berg@...el.com
Subject: Re: [PATCH net] mac80211: reject ToDS broadcast data frames

From: Johannes Berg <johannes@...solutions.net>
Date: Thu, 20 Apr 2017 21:32:16 +0200

> From: Johannes Berg <johannes.berg@...el.com>
> 
> AP/AP_VLAN modes don't accept any real 802.11 multicast data
> frames, but since they do need to accept broadcast management
> frames the same is currently permitted for data frames. This
> opens a security problem because such frames would be decrypted
> with the GTK, and could even contain unicast L3 frames.
> 
> Since the spec says that ToDS frames must always have the BSSID
> as the RA (addr1), reject any other data frames.
> 
> The problem was originally reported in "Predicting, Decrypting,
> and Abusing WPA2/802.11 Group Keys" at usenix
> https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/vanhoef
> and brought to my attention by Jouni.
> 
> Cc: stable@...r.kernel.org
> Reported-by: Jouni Malinen <j@...fi>
> Signed-off-by: Johannes Berg <johannes.berg@...el.com>
> --
> Dave, I didn't want to send you a new pull request for a single
> commit yet again - can you apply this one patch as is?

Sure, done.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ