Racoon Security Vulnerabilities and Issues — Racoon CVE List

Lucene search

KameRacoon

5 matches found

cve•added 2004/12/06 5:0 a.m.•57 views

CVE-2004-0607

The eay_check_x509cert function in KAME Racoon successfully verifies certificates even when OpenSSL validation fails, which could allow remote attackers to bypass authentication.

10CVSS6.2AI score0.03036EPSS

cve•added 2004/06/01 4:0 a.m.•51 views

CVE-2004-0155

The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, validates the X.509 certificate but does not verify the RSA signature authentication, which allows remote attackers to establish unauthorized IP connections or conduct man-in-the-middle attacks using a valid, trusted X.509 certi...

7.5CVSS7.2AI score0.04935EPSS

cve•added 2004/06/14 4:0 a.m.•50 views

CVE-2004-0392

racoon before 20040407b allows remote attackers to cause a denial of service (infinite loop and dropped connections) via an IKE message with a malformed Generic Payload Header containing invalid (1) "Security Association Next Payload" and (2) "RESERVED" fields.

5CVSS7.4AI score0.00928EPSS

cve•added 2004/06/01 4:0 a.m.•49 views

CVE-2004-0403

Racoon before 20040408a allows remote attackers to cause a denial of service (memory consumption) via an ISAKMP packet with a large length field.

5CVSS7.2AI score0.13257EPSS

cve•added 2004/03/03 5:0 a.m.•46 views

CVE-2004-0164

KAME IKE daemon (racoon) does not properly handle hash values, which allows remote attackers to delete certificates via (1) a certain delete message that is not properly handled in isakmp.c or isakmp_inf.c, or (2) a certain INITIAL-CONTACT message that is not properly handled in isakmp_inf.c.

5CVSS6.4AI score0.12688EPSS