OpenBSD errata, Mar 1, 2017

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

OpenBSD errata, Mar 1, 2017

Stefan Sperling-8
A man-in-the-middle vulnerability has been found in OpenBSD's wireless stack.
A malicious access point can trick an OpenBSD client using WPA1 or WPA2 into
connecting to this malicious AP instead of the desired AP. When this attack is
used successfully the OpenBSD client will send and accept unencrypted frames.

This problem only affects OpenBSD clients. OpenBSD access points are unaffected.

Thanks to Mathy Vanhoef <[hidden email]> for finding and
reporting the issue, providing a demo exploit and an initial patch, and
working through several iterations of the patch together with me.

The problem has been fixed in -current. For 5.9 and 6.0 the following errata
patches are available.

https://ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/018_net80211.patch.sig

https://ftp.openbsd.org/pub/OpenBSD/patches/5.9/common/035_net80211.patch.sig