Search a vulnerability

All the vulnerabilites related to KAME Project - KAME Racoon

jvndb-2004-000231

Vulnerability from jvndb

Published

2008-05-21 00:00

Modified

2008-05-21 00:00

Severity ?

() - -

Summary

KAME Racoon eay_check_x509cert Improper Certificate Verification Vulnerability

Details

eay_check_x509cert() in Racoon successfully verifies certificates even when OpenSSL validation fails, which could allow remote attackers to bypass authentication.

References

▼	Type	URL
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0607
	NVD	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-0607
	SECUNIA	http://secunia.com/advisories/12185/
	BID	http://www.securityfocus.com/bid/10546
	XF	http://xforce.iss.net/xforce/xfdb/16414
	SECTRACK	http://securitytracker.com/id?1010495

Impacted products

▼	Vendor	Product
	KAME Project	KAME Racoon
	Cybertrust Japan Co., Ltd.	Asianux Server
	Red Hat, Inc.	Red Hat Enterprise Linux
	Red Hat, Inc.	Red Hat Enterprise Linux Desktop

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000231.html",
  "dc:date": "2008-05-21T00:00+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-05-21T00:00+09:00",
  "description": "eay_check_x509cert() in Racoon successfully verifies certificates even when OpenSSL validation fails, which could allow remote attackers to bypass authentication.",
  "link": "https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000231.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:kame:racoon",
      "@product": "KAME Racoon",
      "@vendor": "KAME Project",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:misc:miraclelinux_asianux_server",
      "@product": "Asianux Server",
      "@vendor": "Cybertrust Japan Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux",
      "@product": "Red Hat Enterprise Linux",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux_desktop",
      "@product": "Red Hat Enterprise Linux Desktop",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "10.0",
    "@severity": "High",
    "@type": "Base",
    "@vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2004-000231",
  "sec:references": [
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0607",
      "@id": "CVE-2004-0607",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-0607",
      "@id": "CVE-2004-0607",
      "@source": "NVD"
    },
    {
      "#text": "http://secunia.com/advisories/12185/",
      "@id": "SA12185",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://www.securityfocus.com/bid/10546",
      "@id": "10546",
      "@source": "BID"
    },
    {
      "#text": "http://xforce.iss.net/xforce/xfdb/16414",
      "@id": "16414",
      "@source": "XF"
    },
    {
      "#text": "http://securitytracker.com/id?1010495",
      "@id": "1010495",
      "@source": "SECTRACK"
    }
  ],
  "title": "KAME Racoon eay_check_x509cert Improper Certificate Verification Vulnerability"
}