[Bug 256120] [net80211] [patch]: prevent plaintext injecting using cloaked A-MSDUs
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Mon May 24 13:19:39 UTC 2021
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=256120
Bug ID: 256120
Summary: [net80211] [patch]: prevent plaintext injecting using
cloaked A-MSDUs
Product: Base System
Version: CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Many People
Priority: ---
Component: wireless
Assignee: wireless at FreeBSD.org
Reporter: mathy.vanhoef at cs.kuleuven.be
Created attachment 225222
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=225222&action=edit
patch: git diff file
FreeBSD is vulnerable to CVE-2020-26144 of the "FragAttacks" findings. For
background see Section 6.5 in https://papers.mathyvanhoef.com/usenix2021.pdf
This vulnerability can be reproduced using the FragAttack test tool at
https://github.com/vanhoefm/fragattacks with the test case "eapol-amsdu-bad
I,P" (the injected ping request should be rejected by the kernel).
The attached patches fixes this vulnerability. It was tested using a Belkin
F5D8053 (run driver) in client mode.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-wireless
mailing list