Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2004-0155
Last Modified: 21 Aug 2010 12:19:39
Published: 01 Jun 2004 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2004-0155

Summary

The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, validates the X.509 certificate but does not verify the RSA signature authentication, which allows remote attackers to establish unauthorized IP connections or conduct man-in-the-middle attacks using a valid, trusted X.509 certificate.

Vulnerable Systems

Application

  • Kame Racoon


References

CERT-VN - VU#552398

REDHAT - RHSA-2004:165

APPLE - APPLE-SA-2004-05-03

BUGTRAQ - 20040407 CAN-2004-0155: The KAME IKE Daemon Racoon does not verify RSA Signatures during Phase 1, allows man-in-the-middle attacks and unauthorized connections

BID - 10072

MANDRAKE - MDKSA-2004:069

GENTOO - GLSA-200406-17

SECUNIA - 11328

SCO - SCOSA-2005.10

MANDRAKE - MDKSA-2004:027


Last Updated: 27 May 2016 10:38:30