| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20170420.153809.763038513182171279.davem@davemloft.net>
Date: Thu, 20 Apr 2017 15:38:09 -0400 (EDT)
From: David Miller <davem@...emloft.net>
To: johannes@...solutions.net
Cc: netdev@...r.kernel.org, linux-wireless@...r.kernel.org,
johannes.berg@...el.com
Subject: Re: [PATCH net] mac80211: reject ToDS broadcast data frames
From: Johannes Berg <johannes@...solutions.net>
Date: Thu, 20 Apr 2017 21:32:16 +0200
> From: Johannes Berg <johannes.berg@...el.com>
>
> AP/AP_VLAN modes don't accept any real 802.11 multicast data
> frames, but since they do need to accept broadcast management
> frames the same is currently permitted for data frames. This
> opens a security problem because such frames would be decrypted
> with the GTK, and could even contain unicast L3 frames.
>
> Since the spec says that ToDS frames must always have the BSSID
> as the RA (addr1), reject any other data frames.
>
> The problem was originally reported in "Predicting, Decrypting,
> and Abusing WPA2/802.11 Group Keys" at usenix
> https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/vanhoef
> and brought to my attention by Jouni.
>
> Cc: stable@...r.kernel.org
> Reported-by: Jouni Malinen <j@...fi>
> Signed-off-by: Johannes Berg <johannes.berg@...el.com>
> --
> Dave, I didn't want to send you a new pull request for a single
> commit yet again - can you apply this one patch as is?
Sure, done.
Powered by blists - more mailing lists