CVE-2004-0607

Summary

CVE	CVE-2004-0607
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2004-12-06 05:00:00 UTC
Updated	2017-10-11 01:29:00 UTC
Description	The eay_check_x509cert function in KAME Racoon successfully verifies certificates even when OpenSSL validation fails, which could allow remote attackers to bypass authentication.

Risk And Classification

Problem Types: NVD-CWE-Other

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Ipsec-tools	Ipsec-tools	0.3	All	All	All
Application	Ipsec-tools	Ipsec-tools	0.3.1	All	All	All
Application	Ipsec-tools	Ipsec-tools	0.3.2	All	All	All
Application	Ipsec-tools	Ipsec-tools	0.3_rc1	All	All	All
Application	Ipsec-tools	Ipsec-tools	0.3_rc2	All	All	All
Application	Ipsec-tools	Ipsec-tools	0.3_rc3	All	All	All
Application	Ipsec-tools	Ipsec-tools	0.3_rc4	All	All	All
Application	Ipsec-tools	Ipsec-tools	0.3_rc5	All	All	All
Application	Ipsec-tools	Ipsec-tools	0.3	All	All	All
Application	Ipsec-tools	Ipsec-tools	0.3.1	All	All	All
Application	Ipsec-tools	Ipsec-tools	0.3.2	All	All	All
Application	Ipsec-tools	Ipsec-tools	0.3_rc1	All	All	All
Application	Ipsec-tools	Ipsec-tools	0.3_rc2	All	All	All
Application	Ipsec-tools	Ipsec-tools	0.3_rc3	All	All	All
Application	Ipsec-tools	Ipsec-tools	0.3_rc4	All	All	All
Application	Ipsec-tools	Ipsec-tools	0.3_rc5	All	All	All
Application	Kame	Racoon	All	All	All	All
Application	Kame	Racoon	2003-07-11	All	All	All
Application	Kame	Racoon	2004-04-05	All	All	All
Application	Kame	Racoon	2004-04-07b	All	All	All
Application	Kame	Racoon	2004-05-03	All	All	All
Application	Kame	Racoon	All	All	All	All
Application	Kame	Racoon	2003-07-11	All	All	All
Application	Kame	Racoon	2004-04-05	All	All	All
Application	Kame	Racoon	2004-04-07b	All	All	All
Application	Kame	Racoon	2004-05-03	All	All	All
Operating System	Redhat	Enterprise Linux	3.0	All	advanced_servers	All
Operating System	Redhat	Enterprise Linux	3.0	All	enterprise_server	All
Operating System	Redhat	Enterprise Linux	3.0	All	workstation	All
Operating System	Redhat	Enterprise Linux	3.0	All	advanced_servers	All
Operating System	Redhat	Enterprise Linux	3.0	All	enterprise_server	All
Operating System	Redhat	Enterprise Linux	3.0	All	workstation	All
Operating System	Redhat	Enterprise Linux Desktop	3.0	All	All	All
Operating System	Redhat	Enterprise Linux Desktop	3.0	All	All	All

References

Reference	Source	Link	Tags
SourceForge.net: File Release Notes and Changelog	CONFIRM	sourceforge.net
redhat.com \| Red Hat Support	REDHAT	www.redhat.com
Secunia - Advisories - KAME Racoon X.509 Certificate Validation Vulnerability	SECUNIA	secunia.com
'Re: authentication bug in KAME's racoon' - MARC	BUGTRAQ	marc.info
7113	OSVDB	www.osvdb.org
Gentoo Linux Documentation -- IPsec-Tools: authentication bug in racoon	GENTOO	security.gentoo.org	Patch, Vendor Advisory
IBM X-Force Exchange	XF	exchange.xforce.ibmcloud.com
Secunia - Advisories - IPsec-Tools Denial of Service and Certificate Validation Vulnerabilities	SECUNIA	secunia.com
KAME Racoon May Validate Invalid Certificates - SecurityTracker	SECTRACK	securitytracker.com
KAME Racoon IDE Daemon X.509 Improper Certificate Verification Vulnerability	BID	www.securityfocus.com	Vendor Advisory
'authentication bug in KAME's racoon' - MARC	BUGTRAQ	marc.info
SCOSA-2005.10	SCO	ftp.sco.com
Repository / Oval Repository	OVAL	oval.cisecurity.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.