CVE-2004-0155

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2004-0155
The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, validates the X.509 certificate but does not verify the RSA signature authentication, which allows remote attackers to establish unauthorized IP connections or conduct man-in-the-middle attacks using a valid, trusted X.509 certificate.

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt
http://marc.info/?l=bugtraq&m=108136746911000&w=2
http://marc.info/?l=bugtraq&m=108369640424244&w=2
http://secunia.com/advisories/11328
http://www.gentoo.org/security/en/glsa/glsa-200406-17.xml
http://www.kb.cert.org/vuls/id/552398 US Government Resource
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:069
http://www.mandriva.com/security/advisories?name=MDKSA-2004:027
http://www.redhat.com/support/errata/RHSA-2004-165.html Patch Vendor Advisory
http://www.securityfocus.com/bid/10072
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9291
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A945
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt
http://marc.info/?l=bugtraq&m=108136746911000&w=2
http://marc.info/?l=bugtraq&m=108369640424244&w=2
http://secunia.com/advisories/11328
http://www.gentoo.org/security/en/glsa/glsa-200406-17.xml
http://www.kb.cert.org/vuls/id/552398 US Government Resource
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:069
http://www.mandriva.com/security/advisories?name=MDKSA-2004:027
http://www.redhat.com/support/errata/RHSA-2004-165.html Patch Vendor Advisory
http://www.securityfocus.com/bid/10072
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9291
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A945
Configurations

Configuration 1 (hide)

cpe:2.3:a:kame:racoon:*:*:*:*:*:*:*:*
History

20 Nov 2024, 23:47

Type Values Removed Values Added
References () ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt - () ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt -
References () http://marc.info/?l=bugtraq&m=108136746911000&w=2 - () http://marc.info/?l=bugtraq&m=108136746911000&w=2 -
References () http://marc.info/?l=bugtraq&m=108369640424244&w=2 - () http://marc.info/?l=bugtraq&m=108369640424244&w=2 -
References () http://secunia.com/advisories/11328 - () http://secunia.com/advisories/11328 -
References () http://www.gentoo.org/security/en/glsa/glsa-200406-17.xml - () http://www.gentoo.org/security/en/glsa/glsa-200406-17.xml -
References () http://www.kb.cert.org/vuls/id/552398 - US Government Resource () http://www.kb.cert.org/vuls/id/552398 - US Government Resource
References () http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:069 - () http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:069 -
References () http://www.mandriva.com/security/advisories?name=MDKSA-2004:027 - () http://www.mandriva.com/security/advisories?name=MDKSA-2004:027 -
References () http://www.redhat.com/support/errata/RHSA-2004-165.html - Patch, Vendor Advisory () http://www.redhat.com/support/errata/RHSA-2004-165.html - Patch, Vendor Advisory
References () http://www.securityfocus.com/bid/10072 - () http://www.securityfocus.com/bid/10072 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9291 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9291 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A945 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A945 -
Information

Published : 2004-06-01 04:00

Updated : 2024-11-20 23:47

NVD link : CVE-2004-0155

Mitre link : CVE-2004-0155

CVE.ORG link : CVE-2004-0155

JSON object : View

Products Affected

kame

  • racoon
CWE
NVD-CWE-Other

NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024