Eight patches have been posted so, it should be easy to patch 2.5, MFC, and
bring head up to 2.6 later. This should avoid the risk of possible regressions.
I haven't looked at the ports.
Sent using a tiny phone keyboard. Apologies for any typos and autocorrect.
<cy.schub...@cschubert.com> or <c...@freebsd.org>
From: Rodney W. Grimes
Sent: 16/10/2017 11:14
To: Kevin Oberman
Cc: Adrian Chadd; Cy Schubert; Lev Serebryakov; blubee blubeeme; Poul-Henning
Kamp; FreeBSD current
Subject: Re: cve-2017-13077 - WPA2 security vulni
> On Mon, Oct 16, 2017 at 8:55 AM, Adrian Chadd <adrian.ch...@gmail.com>
> > hi,
> > I got the patches a couple days ago. I've been busy with personal life
> > stuff so I haven't updated our in-tree hostapd/wpa_supplicant. If
> > someone beats me to it, great, otherwise I'll try to do it in the next
> > couple days.
> > I was hoping (!) for a hostap/wpa_supplicant 2.7 update to just update
> > everything to but so far nope. It should be easy enough to update the
> > port for now as it's at 2.6.
> > -adrian
> > On 16 October 2017 at 06:04, Cy Schubert <cy.schub...@komquats.com> wrote:
> > > In message <44161b4d-f834-a01d-6ddb-475f20876...@freebsd.org>, Lev
> > Serebryakov
> > > writes:
> > >> On 16.10.2017 13:38, blubee blubeeme wrote:
> > >>
> > >> > well, that's a cluster if I ever seen one.
> > >> It is really cluster: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079,
> > >> CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084,
> > >> CVE-2017-13086,CVE-2017-13087, CVE-2017-13088.
> > >
> > > The gory details are here: https://w1.fi/security/2017-1/
> > wpa-packet-number-reuse-with-replayed-messages.txt
> > >
> > > The announcement is here:
> > > https://www.krackattacks.com/
> > >
> > >
> > > --
> > > Cheers,
> > > Cy Schubert <cy.schub...@cschubert.com>
> > > FreeBSD UNIX: <c...@freebsd.org> Web: http://www.FreeBSD.org
> > >
> > > The need of the many outweighs the greed of the few.
> > >
> While I do not encourage waiting, it is quite likely that the upstream
> patch wil show up very soon now that the vulnerability is public.
> It's also worth noting that fixing either end of the connection is all that
> is required, as I understand it. So getting an update for your AP is not
> required. That is very fortunate as the industry has a rather poor record
> of getting out firmware updates for hardware more than a few months old.
> Also, it appears that Windows and iOS are not vulnerable due to flaws in
> their implementation of the WPA2 spec. (Of course, if you update your
> AP(s), you no longer need to worry about your end devices.
>From my reading of the attack it is the client side that must
be fixed, you can not mitigate the client side bug by an update
to the AP.
> Kevin Oberman, Part time kid herder and retired Network Engineer
> E-mail: rkober...@gmail.com
> PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683
> email@example.com mailing list
> To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Rod Grimes rgri...@freebsd.org
firstname.lastname@example.org mailing list
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"