Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2004-0155HistoryJun 01, 2004 - 4:00 a.m.
CVE-2004-0155
2004-06-0104:00:00
Debian Security Bug Tracker
security-tracker.debian.org
8
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, validates the X.509 certificate but does not verify the RSA signature authentication, which allows remote attackers to establish unauthorized IP connections or conduct man-in-the-middle attacks using a valid, trusted X.509 certificate.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 9 | all | ipsec-tools | < 1:0.8.2+20140711-8+deb9u1 | ipsec-tools_1:0.8.2+20140711-8+deb9u1_all.deb |
Related
nessus
nessus
FreeBSD : racoon fails to verify signature during Phase 1 (163)
2004-07-06 00:00:00
Mandrake Linux Security Advisory : ipsec-tools (MDKSA-2004:027)
2004-07-31 00:00:00
openvas
openvas
FreeBSD Ports: racoon
2008-09-04 00:00:00
FreeBSD Ports: racoon
2008-09-04 00:00:00
Gentoo Security Advisory GLSA 200406-17 (IPsec-Tools)
2008-09-24 00:00:00
ubuntucve
ubuntucve
CVE-2004-0155
2004-06-01 00:00:00
cert
cert
KAME Racoon IKE daemon fails to properly verify client RSA signatures
2004-04-09 00:00:00
freebsd
freebsd
racoon fails to verify signature during Phase 1
2004-04-05 00:00:00
cve
cve
CVE-2004-0155
2004-06-01 04:00:00
gentoo
gentoo
IPsec-Tools: authentication bug in racoon
2004-06-22 00:00:00
redhat
redhat
(RHSA-2004:165) ipsec-tools security update
2004-05-11 00:00:00
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related for DEBIANCVE:CVE-2004-0155