Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 10.0
CVE Id: CVE-2004-0607
Last Modified: 21 Aug 2010 12:20:52
Published: 06 Dec 2004 12:00:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2004-0607

Summary

The eay_check_x509cert function in KAME Racoon successfully verifies certificates even when OpenSSL validation fails, which could allow remote attackers to bypass authentication.

Vulnerable Systems

Operating System

  • Red Hat Enterprise Linux 3.0

  • Red Hat Enterprise Linux Desktop 3.0

Application

  • Ipsec-tools 0.3

  • Ipsec-tools 0.3 Rc1

  • Ipsec-tools 0.3 Rc2

  • Ipsec-tools 0.3 Rc3

  • Ipsec-tools 0.3 Rc4

  • Ipsec-tools 0.3 Rc5

  • Ipsec-tools 0.3.1

  • Ipsec-tools 0.3.2

  • Kame Racoon

  • Kame Racoon 2003-07-11

  • Kame Racoon 2004-04-05

  • Kame Racoon 2004-04-07b

  • Kame Racoon 2004-05-03


References

XF - racoon-eaycheckx509cert-auth-bypass(16414)

GENTOO - GLSA-200406-17

BUGTRAQ - 20040615 Re: authentication bug in KAME's racoon

BID - 10546

REDHAT - RHSA-2004:308

BUGTRAQ - 20040614 authentication bug in KAME's racoon

SCO - SCOSA-2005.10

OSVDB - 7113

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=245982

SECTRACK - 1010495

SECUNIA - 11877

SECUNIA - 11863


Last Updated: 27 May 2016 10:38:40