Secunia
Login
|
|
CVE Reference: CVE-2004-0155 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2004-0155 |
|
|
Description: The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, validates the X.509 certificate but does not verify the RSA signature authentication, which allows remote attackers to establish unauthorized IP connections or conduct man-in-the-middle attacks using a valid, trusted X.509 certificate. |
|
|
CVE Status: Candidate |
|
|
References: SCO SAID Secunia Advisory: SA11328 REDHAT http://www.redhat.com/support/errata/RHSA-2004-165.html OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:945 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9291 MANDRAKE http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:069 http://www.mandriva.com/security/advisories?name=MDKSA-2004:027 GENTOO http://www.gentoo.org/security/en/glsa/glsa-200406-17.xml CERT-VN 552398 BUGTRAQ http://marc.theaimsgroup.com/?l=bugtraq&m=108136746911000&w=2 BID 10072 APPLE http://marc.theaimsgroup.com/?l=bugtraq&m=108369640424244&w=2 |
|
| Return to the previous page. |
