Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200406-17
HistoryJun 22, 2004 - 12:00 a.m.

IPsec-Tools: authentication bug in racoon

2004-06-2200:00:00
Gentoo Foundation
security.gentoo.org
16

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.933 High

EPSS

Percentile

99.0%

JSON

Background

IPsec-Tools is a port of KAME’s implementation of the IPsec utilities. It contains a collection of network monitoring tools, including racoon, ping, and ping6.

Description

The KAME IKE daemon racoon is used to authenticate peers during Phase 1 when using either preshared keys, GSS-API, or RSA signatures. When using RSA signatures racoon validates the X.509 certificate but not the RSA signature.

Impact

By sending a valid and trusted X.509 certificate and any private key an attacker could exploit this vulnerability to perform man-in-the-middle attacks and initiate unauthorized connections.

Workaround

There is no known workaround at this time. All users are encouraged to upgrade to the latest available version.

Resolution

All IPsec-Tools users should upgrade to the latest stable version:

 # emerge sync
 
 # emerge -pv ">=net-firewall/ipsec-tools-0.3.3"
 # emerge ">=net-firewall/ipsec-tools-0.3.3"
OSVersionArchitecturePackageVersionFilename
Gentooanyallnet-firewall/ipsec-tools< 0.3.3UNKNOWN

Related

openvas 7
nessus 9
f5 1
debiancve 2
redhat 2
cve 2
ubuntucve 1
cert 1
freebsd 1
openvas
openvas
Gentoo Security Advisory GLSA 200406-17 (IPsec-Tools)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200406-17 (IPsec-Tools)
2008-09-24 00:00:00
FreeBSD Ports: racoon
2008-09-04 00:00:00
nessus
nessus
GLSA-200406-17 : IPsec-Tools: authentication bug in racoon
2004-08-30 00:00:00
RHEL 3 : ipsec-tools (RHSA-2004:308)
2004-07-30 00:00:00
FreeBSD : racoon fails to verify signature during Phase 1 (163)
2004-07-06 00:00:00
f5
f5
K15452143 : IPsec-Tools (racoon) vulnerability CVE-2004-0607
2018-03-12 00:00:00
debiancve
debiancve
CVE-2004-0607
2004-12-06 05:00:00
CVE-2004-0155
2004-06-01 04:00:00
redhat
redhat
(RHSA-2004:308) ipsec-tools security update
2004-07-29 00:00:00
(RHSA-2004:165) ipsec-tools security update
2004-05-11 00:00:00
cve
cve
CVE-2004-0607
2004-12-06 05:00:00
CVE-2004-0155
2004-06-01 04:00:00
ubuntucve
ubuntucve
CVE-2004-0155
2004-06-01 00:00:00
cert
cert
KAME Racoon IKE daemon fails to properly verify client RSA signatures
2004-04-09 00:00:00
freebsd
freebsd
racoon fails to verify signature during Phase 1
2004-04-05 00:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.933 High

EPSS

Percentile

99.0%

JSON
Related for GLSA-200406-17
openvas7nessus9f51debiancve2redhat2cve2ubuntucve1cert1freebsd1