Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 780135 (CVE-2021-30004)

Summary: <net-wireless/hostapd-2.9-r4: mishandled AlgorithmIdentifier parameters may lead to forging attacks (CVE-2021-30004)
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: sam, zerochaos
Priority: Normal Keywords: PullRequest
Version: unspecifiedFlags: nattka: sanity-check+
Hardware: All   
OS: Linux   
URL: https://w1.fi/cgit/hostap/commit/?id=a0541334a6394f8237a4393b7372693cd7e96f15
See Also: https://github.com/gentoo/gentoo/pull/22005
Whiteboard: B3 [glsa+ cve]
Package list:
net-wireless/hostapd-2.9-r6
 Runtime testing required: ---
Bug Depends on: 780138    
Bug Blocks:    

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-04-05 01:01:58 UTC 
CVE-2021-30004:

In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c.


Patch at URL but seems there's no tag containing it.
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2021-05-31 20:55:20 UTC 
Only affects USE=internal-tls which isn't the default.

We are waiting for revision/tagged release with https://w1.fi/cgit/hostap/commit/?id=a0541334a6394f8237a4393b7372693cd7e96f15.
Comment 2 Larry the Git Cow gentoo-dev 2021-06-02 12:59:44 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=56ce8ace503d45e60b72a79222bb6aada4c76124

commit 56ce8ace503d45e60b72a79222bb6aada4c76124
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2021-06-02 12:41:04 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2021-06-02 12:59:30 +0000

    net-wireless/hostapd: fix CVE-2021-30004
    
    Bug: https://bugs.gentoo.org/780135
    Package-Manager: Portage-3.0.19, Repoman-3.0.3
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 ...date-DigestAlgorithmIdentifier-parameters.patch | 115 +++++++++
 net-wireless/hostapd/hostapd-2.9-r4.ebuild         | 275 +++++++++++++++++++++
 net-wireless/hostapd/hostapd-9999.ebuild           |   2 +
 3 files changed, 392 insertions(+)
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-06-17 20:18:38 UTC 
amd64 done
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-06-17 20:20:01 UTC 
x86 done
Comment 5 NATTkA bot gentoo-dev 2021-06-17 22:20:32 UTC Comment hidden (obsolete)
Comment 6 Agostino Sarubbo gentoo-dev 2021-06-18 06:28:05 UTC 
ppc stable
Comment 7 Sergei Trofimovich (RETIRED) gentoo-dev 2021-06-19 18:51:17 UTC 
Commit did not drop keywords down to ~arch:

commit 52123dae78919046f09b506709280128faad0a96
Author: Thomas Deutschmann <whissi@gentoo.org>
Date:   Fri Jun 18 00:06:19 2021 +0200

    net-wireless/hostapd: rev bump for commit 6915847f2

    Package-Manager: Portage-3.0.20, Repoman-3.0.3
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

diff --git a/net-wireless/hostapd/hostapd-2.9-r3.ebuild b/net-wireless/hostapd/hostapd-2.9-r5.ebuild
similarity index 100%
rename from net-wireless/hostapd/hostapd-2.9-r3.ebuild
rename to net-wireless/hostapd/hostapd-2.9-r5.ebuild
diff --git a/net-wireless/hostapd/hostapd-2.9-r4.ebuild b/net-wireless/hostapd/hostapd-2.9-r6.ebuild
similarity index 100%
rename from net-wireless/hostapd/hostapd-2.9-r4.ebuild
rename to net-wireless/hostapd/hostapd-2.9-r6.ebuild
Comment 8 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-06-19 22:01:02 UTC 
Oh, I see, I "fixed" the package list incorrectly. Needed to add 2 to the revision.
Comment 9 Agostino Sarubbo gentoo-dev 2021-06-21 06:18:38 UTC 
ppc stable
Comment 10 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-06-21 07:18:59 UTC 
arm done
Comment 11 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-06-21 19:04:08 UTC 
arm64 done

all arches done
Comment 12 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-06-21 19:12:32 UTC 
Please cleanup.
Comment 13 Larry the Git Cow gentoo-dev 2021-08-16 16:17:57 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f8781a5c3a43ae5282b6fc64793d6150366c6193

commit f8781a5c3a43ae5282b6fc64793d6150366c6193
Author:     Jakov Smolic <jakov.smolic@sartura.hr>
AuthorDate: 2021-08-16 14:51:22 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-08-16 16:17:35 +0000

    net-wireless/hostapd: Remove vulnerable 2.9-r5
    
    Bug: https://bugs.gentoo.org/780135
    Signed-off-by: Jakov Smolic <jakov.smolic@sartura.hr>
    Signed-off-by: Sam James <sam@gentoo.org>

 net-wireless/hostapd/hostapd-2.9-r5.ebuild | 270 -----------------------------
 1 file changed, 270 deletions(-)
Comment 14 Larry the Git Cow gentoo-dev 2023-09-30 08:39:59 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=0195ea9f2ff90e0c5b9aab4eb5154bdb3fdb3ed7

commit 0195ea9f2ff90e0c5b9aab4eb5154bdb3fdb3ed7
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-09-30 08:38:51 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-09-30 08:39:50 +0000

    [ GLSA 202309-16 ] wpa_supplicant, hostapd: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/768759
    Bug: https://bugs.gentoo.org/780135
    Bug: https://bugs.gentoo.org/780138
    Bug: https://bugs.gentoo.org/831332
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202309-16.xml | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 58 insertions(+)