wpa_supplicant 2.6 fails CVE-2017-13077 even after applying patch

futile presence futilepresence at gmail.com
Fri Nov 10 04:52:44 PST 2017


Hi,

I am trying to update the wpa_supplicant version 2.6 with all the
security advisories.
https://w1.fi/security/2017-1/

I applied all the patches as below
rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch       02-Oct-2017 16:19  6.1K
rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch   02-Oct-2017 16:19  7.7K
rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch   02-Oct-2017 16:19  6.7K
rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch                 02-Oct-2017 16:19  2.5K
rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch              02-Oct-2017 16:19  1.9K
rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch                     02-Oct-2017 16:19  4.2K
rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch   02-Oct-2017 16:19  1.6K
rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch   02-Oct-2017 16:19  2.7K

I use the Wi-Fi Alliance test tool to check the vulnerability.
https://www.wi-fi.org/security-update-october-2017

I still see the failure in test 4.1.6 (CVE-2017-13077: reinstallation
of the pairwise key in the Four-way handshake).
Please let me know how to solve this issue.

Client-Test# ./vdt_client --4.1.6
[18:04:38] Vulnerablity Detection Tool
[18:04:38] Version 1.1
[18:04:38] Note: disable Wi-Fi in network manager & disable hardware
encryption. Both may interfere with this script.
[18:04:38] Starting hostapd ...
Configuration file: ./hostapd.conf
wlan0: interface state UNINITIALIZED->COUNTRY_UPDATE
Using interface wlan0 with hwaddr yy:yy:yy:yy:yy and ssid "test_ft_ap_1"
random: Only 18/20 bytes of strong random data available from /dev/random
random: Not enough entropy pool available for secure operations
WPA: Not enough entropy in random pool for secure operations - update
keys later when the first station connects
wlan0: interface state COUNTRY_UPDATE->ENABLED
wlan0: AP-ENABLED
[18:04:39] Ready. Connect to this Access Point to start the tests.
Make sure the client requests an IP using DHCP!
wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: authenticated
wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: associated (aid 1)
[18:04:50] xx:xx:xx:xx:xx:xx: Hostapd: Resetting Tx IV of group key
and sending Msg3/4
wlan0: AP-STA-CONNECTED xx:xx:xx:xx:xx:xx
wlan0: STA xx:xx:xx:xx:xx:xx RADIUS: starting accounting session
9E42A72B1907B64B
[18:04:50] xx:xx:xx:xx:xx:xx: transmitted data using IV=1 (seq=2)
[18:04:52] xx:xx:xx:xx:xx:xx: Hostapd: already installing pairwise key
[18:04:52] xx:xx:xx:xx:xx:xx: Hostapd: Injecting Msg1 (with random
ANonce) before Msg3 to test TPTK construction attack
[18:04:52] xx:xx:xx:xx:xx:xx: Hostapd: Resetting Tx IV of group key
and sending Msg3/4
wlan0: STA xx:xx:xx:xx:xx:xx WPA: received EAPOL-Key msg 2/4 in
invalid state (10) - dropped - MIC -1
wlan0: AP-STA-DISCONNECTED xx:xx:xx:xx:xx:xx
[18:04:52] xx:xx:xx:xx:xx:xx: Hostapd: Reset values..
wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: disassociated
[18:04:52] xx:xx:xx:xx:xx:xx: transmitted data using IV=2 (seq=3)
[18:04:52] xx:xx:xx:xx:xx:xx: Removing ClientState object
[18:04:52] Trying.... 1/20
wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: deauthenticated due to
inactivity (timer DEAUTH/REMOVE)
wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: authenticated
wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: associated (aid 1)
[18:10:49] xx:xx:xx:xx:xx:xx: Hostapd: Resetting Tx IV of group key
and sending Msg3/4
wlan0: AP-STA-CONNECTED xx:xx:xx:xx:xx:xx
wlan0: STA xx:xx:xx:xx:xx:xx RADIUS: starting accounting session
C767EBAEEA3CC63B
[18:10:51] xx:xx:xx:xx:xx:xx: Hostapd: already installing pairwise key
[18:10:51] xx:xx:xx:xx:xx:xx: Hostapd: Injecting Msg1 (with random
ANonce) before Msg3 to test TPTK construction attack
[18:10:51] xx:xx:xx:xx:xx:xx: Hostapd: Resetting Tx IV of group key
and sending Msg3/4
wlan0: STA xx:xx:xx:xx:xx:xx WPA: received EAPOL-Key msg 2/4 in
invalid state (10) - dropped - MIC -1
wlan0: AP-STA-DISCONNECTED xx:xx:xx:xx:xx:xx
[18:10:51] xx:xx:xx:xx:xx:xx: Hostapd: Reset values..
wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: disassociated
[18:10:51] xx:xx:xx:xx:xx:xx: transmitted data using IV=1 (seq=2)
[18:10:51] xx:xx:xx:xx:xx:xx: Removing ClientState object
[18:10:51] Trying.... 2/20
wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: deauthenticated due to
inactivity (timer DEAUTH/REMOVE)
wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: authenticated
wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: associated (aid 1)
[18:10:59] xx:xx:xx:xx:xx:xx: Hostapd: Resetting Tx IV of group key
and sending Msg3/4
wlan0: AP-STA-CONNECTED xx:xx:xx:xx:xx:xx
wlan0: STA xx:xx:xx:xx:xx:xx RADIUS: starting accounting session
16BACB85F96D1FE5
[18:11:00] xx:xx:xx:xx:xx:xx: transmitted data using IV=1 (seq=2)
[18:11:00] xx:xx:xx:xx:xx:xx: transmitted data using IV=2 (seq=3)
[18:11:01] xx:xx:xx:xx:xx:xx: Hostapd: already installing pairwise key
[18:11:01] xx:xx:xx:xx:xx:xx: Hostapd: Injecting Msg1 (with random
ANonce) before Msg3 to test TPTK construction attack
[18:11:01] xx:xx:xx:xx:xx:xx: Hostapd: Resetting Tx IV of group key
and sending Msg3/4
wlan0: STA xx:xx:xx:xx:xx:xx WPA: received EAPOL-Key msg 2/4 in
invalid state (10) - dropped - MIC -1
wlan0: AP-STA-DISCONNECTED xx:xx:xx:xx:xx:xx
[18:11:01] xx:xx:xx:xx:xx:xx: Hostapd: Reset values..
wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: disassociated
[18:11:01] xx:xx:xx:xx:xx:xx: transmitted data using IV=3 (seq=4)
[18:11:01] xx:xx:xx:xx:xx:xx: Removing ClientState object
[18:11:01] Trying.... 3/20
wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: deauthenticated due to
inactivity (timer DEAUTH/REMOVE)
wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: authenticated
wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: associated (aid 1)
[18:11:19] xx:xx:xx:xx:xx:xx: Hostapd: Resetting Tx IV of group key
and sending Msg3/4
wlan0: AP-STA-CONNECTED xx:xx:xx:xx:xx:xx
wlan0: STA xx:xx:xx:xx:xx:xx RADIUS: starting accounting session
975B616775884EFA
[18:11:19] xx:xx:xx:xx:xx:xx: transmitted data using IV=1 (seq=2)
[18:11:21] xx:xx:xx:xx:xx:xx: Hostapd: already installing pairwise key
[18:11:21] xx:xx:xx:xx:xx:xx: Hostapd: Injecting Msg1 (with random
ANonce) before Msg3 to test TPTK construction attack
[18:11:21] xx:xx:xx:xx:xx:xx: Hostapd: Resetting Tx IV of group key
and sending Msg3/4
wlan0: STA xx:xx:xx:xx:xx:xx WPA: received EAPOL-Key msg 2/4 in
invalid state (10) - dropped - MIC -1
wlan0: AP-STA-DISCONNECTED xx:xx:xx:xx:xx:xx
[18:11:21] xx:xx:xx:xx:xx:xx: Hostapd: Reset values..
wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: disassociated
[18:11:21] xx:xx:xx:xx:xx:xx: transmitted data using IV=2 (seq=3)
[18:11:21] xx:xx:xx:xx:xx:xx: Removing ClientState object
[18:11:21] Trying.... 4/20
wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: deauthenticated due to
inactivity (timer DEAUTH/REMOVE)
wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: authenticated
wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: associated (aid 1)
[18:11:33] xx:xx:xx:xx:xx:xx: Hostapd: Resetting Tx IV of group key
and sending Msg3/4
wlan0: AP-STA-CONNECTED xx:xx:xx:xx:xx:xx
wlan0: STA xx:xx:xx:xx:xx:xx RADIUS: starting accounting session
AC2A27347836C8D6
[18:11:35] xx:xx:xx:xx:xx:xx: Hostapd: already installing pairwise key
[18:11:35] xx:xx:xx:xx:xx:xx: Hostapd: Injecting Msg1 (with random
ANonce) before Msg3 to test TPTK construction attack
[18:11:35] xx:xx:xx:xx:xx:xx: Hostapd: Resetting Tx IV of group key
and sending Msg3/4
wlan0: STA xx:xx:xx:xx:xx:xx WPA: received EAPOL-Key msg 2/4 in
invalid state (10) - dropped - MIC -1
wlan0: AP-STA-DISCONNECTED xx:xx:xx:xx:xx:xx
[18:11:35] xx:xx:xx:xx:xx:xx: Hostapd: Reset values..
wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: disassociated
[18:11:35] xx:xx:xx:xx:xx:xx: transmitted data using IV=1 (seq=2)
[18:11:35] xx:xx:xx:xx:xx:xx: Removing ClientState object
[18:11:35] Trying.... 5/20
wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: deauthenticated due to
inactivity (timer DEAUTH/REMOVE)
wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: authenticated
wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: associated (aid 1)
[18:11:46] xx:xx:xx:xx:xx:xx: Hostapd: Resetting Tx IV of group key
and sending Msg3/4
wlan0: AP-STA-CONNECTED xx:xx:xx:xx:xx:xx
wlan0: STA xx:xx:xx:xx:xx:xx RADIUS: starting accounting session
8AA7B59938D725B6
[18:11:48] xx:xx:xx:xx:xx:xx: Hostapd: already installing pairwise key
[18:11:48] xx:xx:xx:xx:xx:xx: Hostapd: Injecting Msg1 (with random
ANonce) before Msg3 to test TPTK construction attack
[18:11:48] xx:xx:xx:xx:xx:xx: Hostapd: Resetting Tx IV of group key
and sending Msg3/4
wlan0: STA xx:xx:xx:xx:xx:xx WPA: received EAPOL-Key msg 2/4 in
invalid state (10) - dropped - MIC -1
wlan0: AP-STA-DISCONNECTED xx:xx:xx:xx:xx:xx
[18:11:48] xx:xx:xx:xx:xx:xx: Hostapd: Reset values..
wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: disassociated
[18:11:48] xx:xx:xx:xx:xx:xx: transmitted data using IV=1 (seq=2)
[18:11:48] xx:xx:xx:xx:xx:xx: Removing ClientState object
[18:11:48] Trying.... 6/20
wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: deauthenticated due to
inactivity (timer DEAUTH/REMOVE)
wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: authenticated
wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: associated (aid 1)
[18:11:53] xx:xx:xx:xx:xx:xx: Hostapd: Resetting Tx IV of group key
and sending Msg3/4
wlan0: AP-STA-CONNECTED xx:xx:xx:xx:xx:xx
wlan0: STA xx:xx:xx:xx:xx:xx RADIUS: starting accounting session
F21E52CCC5012EFD
[18:11:55] xx:xx:xx:xx:xx:xx: transmitted data using IV=1 (seq=2)
[18:11:55] xx:xx:xx:xx:xx:xx: Hostapd: already installing pairwise key
[18:11:55] xx:xx:xx:xx:xx:xx: Hostapd: Injecting Msg1 (with random
ANonce) before Msg3 to test TPTK construction attack
[18:11:55] xx:xx:xx:xx:xx:xx: Hostapd: Resetting Tx IV of group key
and sending Msg3/4
wlan0: AP-STA-DISCONNECTED xx:xx:xx:xx:xx:xx
[18:11:55] xx:xx:xx:xx:xx:xx: Hostapd: Reset values..
wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: disassociated
[18:11:55] xx:xx:xx:xx:xx:xx: Hostapd: Reset values..
[18:11:55] xx:xx:xx:xx:xx:xx: Removing ClientState object
[18:11:55] Trying.... 7/20
[18:11:55] xx:xx:xx:xx:xx:xx: transmitted data using IV=2 (seq=3)
[18:11:55] xx:xx:xx:xx:xx:xx: usage of all-zero key detected (IV=2,
seq=3). Client is vulnerable to installation of an all-zero key in the
4-way handshake!
[18:11:55] xx:xx:xx:xx:xx:xx: !!! Other tests are unreliable due to
all-zero key usage, please fix this first !!!
[18:11:55] Test Finished
[18:11:55] Closing hostapd and cleaning up ...
wlan0: interface state ENABLED->DISABLED
wlan0: AP-DISABLED
nl80211: deinit ifname=wlan0 disabled_11b_rates=0

Thanks.
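
A check for the situation described above, as an added example that is not part of the original post: it reports, for each advisory patch, whether it is actually present in the source tree the tested binary was built from. The function names and the two directory arguments are assumptions; the script relies on the `-R`, `-f`, `-s` and `--dry-run` options of GNU patch.

```shell
#!/bin/sh
# Added example: audit a wpa_supplicant/hostapd source tree against a
# directory holding the rebased-v2.6-*.patch files from the advisory.
# A patch is "applied" when it reverses cleanly in a dry run, "missing"
# when it still applies forward, and "conflict" when neither works
# (partially applied, or the tree is a different version).

# patch_state SRC_DIR PATCH_FILE -> prints applied | missing | conflict
patch_state() {
    src=$1
    pf=$2
    # The checks run inside SRC_DIR, so the patch path must be absolute.
    case $pf in
        /*) ;;
        *) pf=$PWD/$pf ;;
    esac
    # -f disables the "reversed patch?" prompt and heuristics, so the
    # exit status reflects only the direction that was asked for.
    if (cd "$src" && patch -p1 -R -f -s --dry-run < "$pf") >/dev/null 2>&1; then
        echo applied
    elif (cd "$src" && patch -p1 -f -s --dry-run < "$pf") >/dev/null 2>&1; then
        echo missing
    else
        echo conflict
    fi
}

# audit_tree SRC_DIR PATCH_DIR -> one line per patch; returns 1 unless
# every patch in PATCH_DIR is present in SRC_DIR.
audit_tree() {
    src_dir=$1
    patch_dir=$2
    rc=0
    for pf in "$patch_dir"/rebased-v2.6-*.patch; do
        [ -f "$pf" ] || continue
        state=$(patch_state "$src_dir" "$pf")
        printf '%-9s %s\n' "$state" "$(basename "$pf")"
        [ "$state" = applied ] || rc=1
    done
    return $rc
}
```

A tree that audits clean only shows the sources are patched; the binary on the device under test must also have been rebuilt from that tree and be the one actually running.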
