Vulnerabilites related to kame - racoon
Vulnerability from fkie_nvd
Published
2004-06-14 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
racoon before 20040407b allows remote attackers to cause a denial of service (infinite loop and dropped connections) via an IKE message with a malformed Generic Payload Header containing invalid (1) "Security Association Next Payload" and (2) "RESERVED" fields.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:kame:racoon:*:*:*:*:*:*:*:*", matchCriteriaId: "608EEF27-B71C-4B46-A039-526A847AB777", versionEndIncluding: "2004-04-07a", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "racoon before 20040407b allows remote attackers to cause a denial of service (infinite loop and dropped connections) via an IKE message with a malformed Generic Payload Header containing invalid (1) \"Security Association Next Payload\" and (2) \"RESERVED\" fields.", }, { lang: "es", value: "racoon anteriores a 20040407b permite a atacantes remotos causar una denegación de servicio (bucle infinito y conexiones descartadas) mediante un mensaje IKE con una cabecera de carga útil (paiload) genérica malformada, conteniendo campos (1) \"Security Association Next Payload\" y (2) \"RESERVED\" no válidos.", }, ], id: "CVE-2004-0392", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2004-06-14T04:00:00.000", references: [ { source: "cve@mitre.org", url: "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt", }, { source: "cve@mitre.org", url: "http://orange.kame.net/dev/query-pr.cgi?pr=555", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.vuxml.org/freebsd/40fcf20f-8891-11d8-90d1-0020ed76ef5a.html", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/15893", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://orange.kame.net/dev/query-pr.cgi?pr=555", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.vuxml.org/freebsd/40fcf20f-8891-11d8-90d1-0020ed76ef5a.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/15893", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2004-03-03 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
KAME IKE daemon (racoon) does not properly handle hash values, which allows remote attackers to delete certificates via (1) a certain delete message that is not properly handled in isakmp.c or isakmp_inf.c, or (2) a certain INITIAL-CONTACT message that is not properly handled in isakmp_inf.c.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:kame:racoon:all_versions:*:*:*:*:*:*:*", matchCriteriaId: "BD0D2B64-7A56-4829-A49A-046BF925B302", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "KAME IKE daemon (racoon) does not properly handle hash values, which allows remote attackers to delete certificates via (1) a certain delete message that is not properly handled in isakmp.c or isakmp_inf.c, or (2) a certain INITIAL-CONTACT message that is not properly handled in isakmp_inf.c.", }, { lang: "es", value: "El demonio KAME IKE (racoon) no maneja adecuadamente valores de extractos (hash) lo que permite a atacantes remotos borrar certificados mediante (1) un cierto mensaje de borrado que no es manejado adecuadamente en isakmp.c o isakmp_inf.c, o (2) un cierto mensaje INITIAL-CONTACT que no es manejado adecuadamente en isakmp_inf.c.", }, ], id: "CVE-2004-0164", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2004-03-03T05:00:00.000", references: [ { source: "cve@mitre.org", url: "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-001.txt.asc", }, { source: "cve@mitre.org", url: "http://lists.apple.com/archives/security-announce/2004/Feb/msg00000.html", }, { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=107403331309838&w=2", }, { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=107411758202662&w=2", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/9416", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/9417", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/14117", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/14118", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A947", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9737", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-001.txt.asc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.apple.com/archives/security-announce/2004/Feb/msg00000.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=107403331309838&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=107411758202662&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/9416", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/9417", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/14117", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/14118", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A947", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9737", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2004-06-01 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, validates the X.509 certificate but does not verify the RSA signature authentication, which allows remote attackers to establish unauthorized IP connections or conduct man-in-the-middle attacks using a valid, trusted X.509 certificate.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:kame:racoon:*:*:*:*:*:*:*:*", matchCriteriaId: "E477F0A9-8027-435B-8F99-A15D1D74220A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, validates the X.509 certificate but does not verify the RSA signature authentication, which allows remote attackers to establish unauthorized IP connections or conduct man-in-the-middle attacks using a valid, trusted X.509 certificate.", }, { lang: "es", value: "El KAME IKE Daemon Racoon, cuando autentica a un semejante durante la Fase 1, valida el certificado X.509 pero no verifica la autenticación de firma RSA, lo que permite a atacantes remotos establecer conexiones IP no autorizadas o relizar ataques del tipo \"hombre en el medio\" usando un certificado X.509 válido y de confianza.", }, ], id: "CVE-2004-0155", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: true, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2004-06-01T04:00:00.000", references: [ { source: "cve@mitre.org", url: "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt", }, { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=108136746911000&w=2", }, { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=108369640424244&w=2", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/11328", }, { source: "cve@mitre.org", url: "http://www.gentoo.org/security/en/glsa/glsa-200406-17.xml", }, { source: "cve@mitre.org", tags: [ "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/552398", }, { source: "cve@mitre.org", url: "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:069", }, { source: "cve@mitre.org", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:027", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2004-165.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/10072", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9291", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A945", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=108136746911000&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=108369640424244&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/11328", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.gentoo.org/security/en/glsa/glsa-200406-17.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/552398", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:069", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:027", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2004-165.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/10072", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9291", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A945", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2004-12-06 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
The eay_check_x509cert function in KAME Racoon successfully verifies certificates even when OpenSSL validation fails, which could allow remote attackers to bypass authentication.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ipsec-tools | ipsec-tools | 0.3 | |
| ipsec-tools | ipsec-tools | 0.3.1 | |
| ipsec-tools | ipsec-tools | 0.3.2 | |
| ipsec-tools | ipsec-tools | 0.3_rc1 | |
| ipsec-tools | ipsec-tools | 0.3_rc2 | |
| ipsec-tools | ipsec-tools | 0.3_rc3 | |
| ipsec-tools | ipsec-tools | 0.3_rc4 | |
| ipsec-tools | ipsec-tools | 0.3_rc5 | |
| kame | racoon | * | |
| kame | racoon | 2003-07-11 | |
| kame | racoon | 2004-04-05 | |
| kame | racoon | 2004-04-07b | |
| kame | racoon | 2004-05-03 | |
| redhat | enterprise_linux | 3.0 | |
| redhat | enterprise_linux | 3.0 | |
| redhat | enterprise_linux | 3.0 | |
| redhat | enterprise_linux_desktop | 3.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ipsec-tools:ipsec-tools:0.3:*:*:*:*:*:*:*", matchCriteriaId: "ADAAFB6A-A22F-4539-8B12-AD5BE5829208", vulnerable: true, }, { criteria: "cpe:2.3:a:ipsec-tools:ipsec-tools:0.3.1:*:*:*:*:*:*:*", matchCriteriaId: "E7BC2543-F91E-40A0-AF3D-47A8EC7A5FC8", vulnerable: true, }, { criteria: "cpe:2.3:a:ipsec-tools:ipsec-tools:0.3.2:*:*:*:*:*:*:*", matchCriteriaId: "30B05AF4-3F58-439D-BADD-C9758C4BBA0B", vulnerable: true, }, { criteria: "cpe:2.3:a:ipsec-tools:ipsec-tools:0.3_rc1:*:*:*:*:*:*:*", matchCriteriaId: "6B925C34-CB57-443E-8190-34D490377F49", vulnerable: true, }, { criteria: "cpe:2.3:a:ipsec-tools:ipsec-tools:0.3_rc2:*:*:*:*:*:*:*", matchCriteriaId: "F534ABF0-F79F-4BDD-AD0C-705868AD72C3", vulnerable: true, }, { criteria: "cpe:2.3:a:ipsec-tools:ipsec-tools:0.3_rc3:*:*:*:*:*:*:*", matchCriteriaId: "9CDF7C24-5329-491C-B5F5-E2C2513B244C", vulnerable: true, }, { criteria: "cpe:2.3:a:ipsec-tools:ipsec-tools:0.3_rc4:*:*:*:*:*:*:*", matchCriteriaId: "69EE38D7-0EC3-4349-ADA6-121D0A0C2DE7", vulnerable: true, }, { criteria: "cpe:2.3:a:ipsec-tools:ipsec-tools:0.3_rc5:*:*:*:*:*:*:*", matchCriteriaId: "947B349F-6D8D-4EE2-8350-F544F8B152C4", vulnerable: true, }, { criteria: "cpe:2.3:a:kame:racoon:*:*:*:*:*:*:*:*", matchCriteriaId: "E477F0A9-8027-435B-8F99-A15D1D74220A", vulnerable: true, }, { criteria: "cpe:2.3:a:kame:racoon:2003-07-11:*:*:*:*:*:*:*", matchCriteriaId: "F311F249-417C-4514-A144-E21A57078574", vulnerable: true, }, { criteria: "cpe:2.3:a:kame:racoon:2004-04-05:*:*:*:*:*:*:*", matchCriteriaId: "AC1BA7DD-5218-41A0-9D5F-79A45D22A2A4", vulnerable: true, }, { criteria: "cpe:2.3:a:kame:racoon:2004-04-07b:*:*:*:*:*:*:*", matchCriteriaId: "92E51298-8789-44B0-B64F-6D8D90034404", vulnerable: true, }, { criteria: "cpe:2.3:a:kame:racoon:2004-05-03:*:*:*:*:*:*:*", matchCriteriaId: "75ABB0EA-A057-486E-BD66-3378B28545BD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_servers:*:*:*:*:*", matchCriteriaId: "81B543F9-C209-46C2-B0AE-E14818A6992E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*", matchCriteriaId: "EC79FF22-2664-4C40-B0B3-6D23B5F45162", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation:*:*:*:*:*", matchCriteriaId: "DB89C970-DE94-4E09-A90A-077DB83AD156", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*", matchCriteriaId: "AF3BBBC3-3EF9-4E24-9DE2-627E172A5473", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The eay_check_x509cert function in KAME Racoon successfully verifies certificates even when OpenSSL validation fails, which could allow remote attackers to bypass authentication.", }, { lang: "es", value: "La función eay_check_x509cert en KAME Racoon verifica como buenos certificados incluso cuando la validación OpenSLL falla, lo que podría permitir a atacantes remotos saltarse la autenticación.", }, ], id: "CVE-2004-0607", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: true, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2004-12-06T05:00:00.000", references: [ { source: "cve@mitre.org", url: "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt", }, { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=108726102304507&w=2", }, { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=108731967126033&w=2", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/11863", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/11877", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://security.gentoo.org/glsa/glsa-200406-17.xml", }, { source: "cve@mitre.org", url: "http://securitytracker.com/id?1010495", }, { source: "cve@mitre.org", url: "http://sourceforge.net/project/shownotes.php?release_id=245982", }, { source: "cve@mitre.org", url: "http://www.osvdb.org/7113", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2004-308.html", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/10546", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16414", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9163", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=108726102304507&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=108731967126033&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/11863", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/11877", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://security.gentoo.org/glsa/glsa-200406-17.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securitytracker.com/id?1010495", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://sourceforge.net/project/shownotes.php?release_id=245982", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.osvdb.org/7113", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2004-308.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/10546", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16414", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9163", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2004-06-01 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Racoon before 20040408a allows remote attackers to cause a denial of service (memory consumption) via an ISAKMP packet with a large length field.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:kame:racoon:*:*:*:*:*:*:*:*", matchCriteriaId: "052A6780-7CD2-4BBE-94D0-C63B06620822", versionEndIncluding: "2004-04-08a", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Racoon before 20040408a allows remote attackers to cause a denial of service (memory consumption) via an ISAKMP packet with a large length field.", }, ], id: "CVE-2004-0403", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2004-06-01T04:00:00.000", references: [ { source: "cve@mitre.org", url: "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt", }, { source: "cve@mitre.org", url: "ftp://patches.sgi.com/support/free/security/advisories/20040506-01-U.asc", }, { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=108369640424244&w=2", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/11410", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/11877", }, { source: "cve@mitre.org", url: "http://security.gentoo.org/glsa/glsa-200404-17.xml", }, { source: "cve@mitre.org", url: "http://securitytracker.com/id?1009937", }, { source: "cve@mitre.org", url: "http://sourceforge.net/project/shownotes.php?release_id=232288", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://www.kame.net/dev/cvsweb2.cgi/kame/kame/kame/racoon/isakmp.c.diff?r1=1.180&r2=1.181", }, { source: "cve@mitre.org", url: "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:069", }, { source: "cve@mitre.org", url: "http://www.osvdb.org/5491", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2004-165.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/10172", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.vuxml.org/freebsd/ccd698df-8e20-11d8-90d1-0020ed76ef5a.html", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/15893", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11220", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A984", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "ftp://patches.sgi.com/support/free/security/advisories/20040506-01-U.asc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=108369640424244&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/11410", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/11877", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://security.gentoo.org/glsa/glsa-200404-17.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securitytracker.com/id?1009937", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://sourceforge.net/project/shownotes.php?release_id=232288", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://www.kame.net/dev/cvsweb2.cgi/kame/kame/kame/racoon/isakmp.c.diff?r1=1.180&r2=1.181", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:069", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.osvdb.org/5491", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2004-165.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/10172", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.vuxml.org/freebsd/ccd698df-8e20-11d8-90d1-0020ed76ef5a.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/15893", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11220", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A984", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-03-14 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
The KAME racoon daemon in ipsec-tools before 0.5 allows remote attackers to cause a denial of service (crash) via malformed ISAKMP packets.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ipsec-tools | ipsec-tools | 0.3.3 | |
| ipsec-tools | ipsec-tools | 0.5 | |
| kame | racoon | 2003-07-11 | |
| kame | racoon | 2004-04-05 | |
| kame | racoon | 2004-04-07b | |
| kame | racoon | 2004-05-03 | |
| kame | racoon | 2005-01-03 | |
| kame | racoon | 2005-01-10 | |
| kame | racoon | 2005-01-17 | |
| kame | racoon | 2005-01-24 | |
| kame | racoon | 2005-01-31 | |
| kame | racoon | 2005-02-07 | |
| kame | racoon | 2005-02-14 | |
| kame | racoon | 2005-02-21 | |
| kame | racoon | 2005-02-28 | |
| kame | racoon | 2005-03-07 | |
| sgi | propack | 3.0 | |
| altlinux | alt_linux | 2.3 | |
| altlinux | alt_linux | 2.3 | |
| redhat | enterprise_linux | 3.0 | |
| redhat | enterprise_linux | 3.0 | |
| redhat | enterprise_linux | 3.0 | |
| redhat | enterprise_linux | 4.0 | |
| redhat | enterprise_linux | 4.0 | |
| redhat | enterprise_linux | 4.0 | |
| redhat | enterprise_linux_desktop | 3.0 | |
| redhat | enterprise_linux_desktop | 4.0 | |
| suse | suse_linux | * | |
| suse | suse_linux | * | |
| suse | suse_linux | 9.1 | |
| suse | suse_linux | 9.1 | |
| suse | suse_linux | 9.2 | |
| suse | suse_linux | 9.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ipsec-tools:ipsec-tools:0.3.3:*:*:*:*:*:*:*", matchCriteriaId: "7AB016E3-49FE-4ADF-8D4A-479D0D1C5AF1", vulnerable: true, }, { criteria: "cpe:2.3:a:ipsec-tools:ipsec-tools:0.5:*:*:*:*:*:*:*", matchCriteriaId: "C5630CFB-58BF-4B58-90AB-B44793D91FE6", vulnerable: true, }, { criteria: "cpe:2.3:a:kame:racoon:2003-07-11:*:*:*:*:*:*:*", matchCriteriaId: "F311F249-417C-4514-A144-E21A57078574", vulnerable: true, }, { criteria: "cpe:2.3:a:kame:racoon:2004-04-05:*:*:*:*:*:*:*", matchCriteriaId: "AC1BA7DD-5218-41A0-9D5F-79A45D22A2A4", vulnerable: true, }, { criteria: "cpe:2.3:a:kame:racoon:2004-04-07b:*:*:*:*:*:*:*", matchCriteriaId: "92E51298-8789-44B0-B64F-6D8D90034404", vulnerable: true, }, { criteria: "cpe:2.3:a:kame:racoon:2004-05-03:*:*:*:*:*:*:*", matchCriteriaId: "75ABB0EA-A057-486E-BD66-3378B28545BD", vulnerable: true, }, { criteria: "cpe:2.3:a:kame:racoon:2005-01-03:*:*:*:*:*:*:*", matchCriteriaId: "7EA01A84-6D57-4EC1-8E8B-29989E786101", vulnerable: true, }, { criteria: "cpe:2.3:a:kame:racoon:2005-01-10:*:*:*:*:*:*:*", matchCriteriaId: "44076976-AF46-4181-93B6-F85982185A9A", vulnerable: true, }, { criteria: "cpe:2.3:a:kame:racoon:2005-01-17:*:*:*:*:*:*:*", matchCriteriaId: "BE031420-9E80-48FC-BB65-92D890A7F688", vulnerable: true, }, { criteria: "cpe:2.3:a:kame:racoon:2005-01-24:*:*:*:*:*:*:*", matchCriteriaId: "3C34FC11-088E-408D-98B1-DA6F61547FC1", vulnerable: true, }, { criteria: "cpe:2.3:a:kame:racoon:2005-01-31:*:*:*:*:*:*:*", matchCriteriaId: "FF541C23-0158-45FE-8F8C-C353874E0090", vulnerable: true, }, { criteria: "cpe:2.3:a:kame:racoon:2005-02-07:*:*:*:*:*:*:*", matchCriteriaId: "B37581BA-4F83-4940-8EF4-91575BF37B1D", vulnerable: true, }, { criteria: "cpe:2.3:a:kame:racoon:2005-02-14:*:*:*:*:*:*:*", matchCriteriaId: "C044E7C0-F7DF-476D-B58A-9C5493F03BD9", vulnerable: true, }, { criteria: "cpe:2.3:a:kame:racoon:2005-02-21:*:*:*:*:*:*:*", matchCriteriaId: "52DAA449-31DC-49F0-83AF-15AA8C318585", vulnerable: true, }, { criteria: "cpe:2.3:a:kame:racoon:2005-02-28:*:*:*:*:*:*:*", matchCriteriaId: "E0298AF2-5267-4EE6-B2C4-9C53C3E89A62", vulnerable: true, }, { criteria: "cpe:2.3:a:kame:racoon:2005-03-07:*:*:*:*:*:*:*", matchCriteriaId: "4DE6D48A-FCF8-4DE1-A2E8-A163D3219827", vulnerable: true, }, { criteria: "cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*", matchCriteriaId: "29DC217F-C257-4A3C-9CBD-08010C30BEC3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:altlinux:alt_linux:2.3:*:compact:*:*:*:*:*", matchCriteriaId: "64BE98C2-8EFA-4349-9FE2-D62CA63A16C4", vulnerable: true, }, { criteria: "cpe:2.3:o:altlinux:alt_linux:2.3:*:junior:*:*:*:*:*", matchCriteriaId: "7D0AC3A3-A37C-4053-B05F-A031877AC811", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_servers:*:*:*:*:*", matchCriteriaId: "81B543F9-C209-46C2-B0AE-E14818A6992E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*", matchCriteriaId: "EC79FF22-2664-4C40-B0B3-6D23B5F45162", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation:*:*:*:*:*", matchCriteriaId: "DB89C970-DE94-4E09-A90A-077DB83AD156", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:4.0:*:advanced_server:*:*:*:*:*", matchCriteriaId: "F9440B25-D206-4914-9557-B5F030890DEC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:4.0:*:enterprise_server:*:*:*:*:*", matchCriteriaId: "E9933557-3BCA-4D92-AD4F-27758A0D3347", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:4.0:*:workstation:*:*:*:*:*", matchCriteriaId: "10A60552-15A5-4E95-B3CE-99A4B26260C1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*", matchCriteriaId: "AF3BBBC3-3EF9-4E24-9DE2-627E172A5473", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*", matchCriteriaId: "7D74A418-50F0-42C0-ABBC-BBBE718FF025", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux:*:*:desktop:*:*:*:*:*", matchCriteriaId: "81E1499C-E73C-4630-B45B-02C38B7AE90D", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux:*:*:enterprise_server:*:*:*:*:*", matchCriteriaId: "059EC93D-0F3F-4FC2-9878-0DB2756B951B", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*", matchCriteriaId: "CFABFCE5-4F86-4AE8-9849-BC360AC72098", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux:9.1:*:x86_64:*:*:*:*:*", matchCriteriaId: "D5F98B9A-880E-45F0-8C16-12B22970F0D1", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux:9.2:*:*:*:*:*:*:*", matchCriteriaId: "CFF36BC6-6CCD-4FEE-A120-5B8C4BF5620C", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux:9.2:*:x86_64:*:*:*:*:*", matchCriteriaId: "B905C6E9-5058-4FD7-95B6-CD6AB6B2F516", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The KAME racoon daemon in ipsec-tools before 0.5 allows remote attackers to cause a denial of service (crash) via malformed ISAKMP packets.", }, ], id: "CVE-2005-0398", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-03-14T05:00:00.000", references: [ { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/14584", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://security.gentoo.org/glsa/glsa-200503-33.xml", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://securitytracker.com/id?1013433", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://sourceforge.net/mailarchive/forum.php?thread_id=6787713&forum_id=32000", }, { source: "secalert@redhat.com", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2005:062", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-232.html", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/12804", }, { source: "secalert@redhat.com", url: "http://www.vupen.com/english/advisories/2005/0264", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=109966&action=view", }, { source: "secalert@redhat.com", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19707", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10028", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/14584", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://security.gentoo.org/glsa/glsa-200503-33.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://securitytracker.com/id?1013433", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://sourceforge.net/mailarchive/forum.php?thread_id=6787713&forum_id=32000", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2005:062", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-232.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/12804", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2005/0264", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=109966&action=view", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19707", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10028", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2004-0392
Vulnerability from cvelistv5
Published
2004-05-06 04:00
Modified
2024-08-08 00:17
Severity ?
EPSS score ?
Summary
racoon before 20040407b allows remote attackers to cause a denial of service (infinite loop and dropped connections) via an IKE message with a malformed Generic Payload Header containing invalid (1) "Security Association Next Payload" and (2) "RESERVED" fields.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vuxml.org/freebsd/40fcf20f-8891-11d8-90d1-0020ed76ef5a.html | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15893 | vdb-entry, x_refsource_XF | |
| http://orange.kame.net/dev/query-pr.cgi?pr=555 | x_refsource_CONFIRM | |
| ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt | vendor-advisory, x_refsource_SCO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T00:17:14.413Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vuxml.org/freebsd/40fcf20f-8891-11d8-90d1-0020ed76ef5a.html", }, { name: "racoon-isakmp-dos(15893)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/15893", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://orange.kame.net/dev/query-pr.cgi?pr=555", }, { name: "SCOSA-2005.10", tags: [ "vendor-advisory", "x_refsource_SCO", "x_transferred", ], url: "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2004-04-07T00:00:00", descriptions: [ { lang: "en", value: "racoon before 20040407b allows remote attackers to cause a denial of service (infinite loop and dropped connections) via an IKE message with a malformed Generic Payload Header containing invalid (1) \"Security Association Next Payload\" and (2) \"RESERVED\" fields.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-10T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vuxml.org/freebsd/40fcf20f-8891-11d8-90d1-0020ed76ef5a.html", }, { name: "racoon-isakmp-dos(15893)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/15893", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://orange.kame.net/dev/query-pr.cgi?pr=555", }, { name: "SCOSA-2005.10", tags: [ "vendor-advisory", "x_refsource_SCO", ], url: "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2004-0392", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "racoon before 20040407b allows remote attackers to cause a denial of service (infinite loop and dropped connections) via an IKE message with a malformed Generic Payload Header containing invalid (1) \"Security Association Next Payload\" and (2) \"RESERVED\" fields.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.vuxml.org/freebsd/40fcf20f-8891-11d8-90d1-0020ed76ef5a.html", refsource: "CONFIRM", url: "http://www.vuxml.org/freebsd/40fcf20f-8891-11d8-90d1-0020ed76ef5a.html", }, { name: "racoon-isakmp-dos(15893)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/15893", }, { name: "http://orange.kame.net/dev/query-pr.cgi?pr=555", refsource: "CONFIRM", url: "http://orange.kame.net/dev/query-pr.cgi?pr=555", }, { name: "SCOSA-2005.10", refsource: "SCO", url: "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2004-0392", datePublished: "2004-05-06T04:00:00", dateReserved: "2004-04-13T00:00:00", dateUpdated: "2024-08-08T00:17:14.413Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2004-0164
Vulnerability from cvelistv5
Published
2004-02-19 05:00
Modified
2024-08-08 00:10
Severity ?
EPSS score ?
Summary
KAME IKE daemon (racoon) does not properly handle hash values, which allows remote attackers to delete certificates via (1) a certain delete message that is not properly handled in isakmp.c or isakmp_inf.c, or (2) a certain INITIAL-CONTACT message that is not properly handled in isakmp_inf.c.
References
| ▼ | URL | Tags |
|---|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9737 | vdb-entry, signature, x_refsource_OVAL | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A947 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.securityfocus.com/bid/9417 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/bid/9416 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/14117 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=107411758202662&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-001.txt.asc | vendor-advisory, x_refsource_NETBSD | |
| http://marc.info/?l=bugtraq&m=107403331309838&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/14118 | vdb-entry, x_refsource_XF | |
| http://lists.apple.com/archives/security-announce/2004/Feb/msg00000.html | vendor-advisory, x_refsource_APPLE |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T00:10:03.249Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "oval:org.mitre.oval:def:9737", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9737", }, { name: "oval:org.mitre.oval:def:947", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A947", }, { name: "9417", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/9417", }, { name: "9416", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/9416", }, { name: "openbsd-isakmp-invalidspi-delete-sa(14117)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/14117", }, { name: "20040114 Re: unauthorized deletion of IPsec (and ISAKMP) SAs in racoon", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=107411758202662&w=2", }, { name: "NetBSD-SA2004-001", tags: [ "vendor-advisory", "x_refsource_NETBSD", "x_transferred", ], url: "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-001.txt.asc", }, { name: "20040113 unauthorized deletion of IPsec (and ISAKMP) SAs in racoon", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=107403331309838&w=2", }, { name: "openbsd-isakmp-initialcontact-delete-sa(14118)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/14118", }, { name: "APPLE-SA-2004-02-23", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2004/Feb/msg00000.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2004-01-13T00:00:00", descriptions: [ { lang: "en", value: "KAME IKE daemon (racoon) does not properly handle hash values, which allows remote attackers to delete certificates via (1) a certain delete message that is not properly handled in isakmp.c or isakmp_inf.c, or (2) a certain INITIAL-CONTACT message that is not properly handled in isakmp_inf.c.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "oval:org.mitre.oval:def:9737", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9737", }, { name: "oval:org.mitre.oval:def:947", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A947", }, { name: "9417", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/9417", }, { name: "9416", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/9416", }, { name: "openbsd-isakmp-invalidspi-delete-sa(14117)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/14117", }, { name: "20040114 Re: unauthorized deletion of IPsec (and ISAKMP) SAs in racoon", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://marc.info/?l=bugtraq&m=107411758202662&w=2", }, { name: "NetBSD-SA2004-001", tags: [ "vendor-advisory", "x_refsource_NETBSD", ], url: "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-001.txt.asc", }, { name: "20040113 unauthorized deletion of IPsec (and ISAKMP) SAs in racoon", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://marc.info/?l=bugtraq&m=107403331309838&w=2", }, { name: "openbsd-isakmp-initialcontact-delete-sa(14118)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/14118", }, { name: "APPLE-SA-2004-02-23", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2004/Feb/msg00000.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2004-0164", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "KAME IKE daemon (racoon) does not properly handle hash values, which allows remote attackers to delete certificates via (1) a certain delete message that is not properly handled in isakmp.c or isakmp_inf.c, or (2) a certain INITIAL-CONTACT message that is not properly handled in isakmp_inf.c.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "oval:org.mitre.oval:def:9737", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9737", }, { name: "oval:org.mitre.oval:def:947", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A947", }, { name: "9417", refsource: "BID", url: "http://www.securityfocus.com/bid/9417", }, { name: "9416", refsource: "BID", url: "http://www.securityfocus.com/bid/9416", }, { name: "openbsd-isakmp-invalidspi-delete-sa(14117)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/14117", }, { name: "20040114 Re: unauthorized deletion of IPsec (and ISAKMP) SAs in racoon", refsource: "BUGTRAQ", url: "http://marc.info/?l=bugtraq&m=107411758202662&w=2", }, { name: "NetBSD-SA2004-001", refsource: "NETBSD", url: "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-001.txt.asc", }, { name: "20040113 unauthorized deletion of IPsec (and ISAKMP) SAs in racoon", refsource: "BUGTRAQ", url: "http://marc.info/?l=bugtraq&m=107403331309838&w=2", }, { name: "openbsd-isakmp-initialcontact-delete-sa(14118)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/14118", }, { name: "APPLE-SA-2004-02-23", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2004/Feb/msg00000.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2004-0164", datePublished: "2004-02-19T05:00:00", dateReserved: "2004-02-18T00:00:00", dateUpdated: "2024-08-08T00:10:03.249Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2004-0607
Vulnerability from cvelistv5
Published
2004-06-30 04:00
Modified
2024-08-08 00:24
Severity ?
EPSS score ?
Summary
The eay_check_x509cert function in KAME Racoon successfully verifies certificates even when OpenSSL validation fails, which could allow remote attackers to bypass authentication.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T00:24:26.577Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20040615 Re: authentication bug in KAME's racoon", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=108731967126033&w=2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://sourceforge.net/project/shownotes.php?release_id=245982", }, { name: "7113", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/7113", }, { name: "11877", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/11877", }, { name: "20040614 authentication bug in KAME's racoon", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=108726102304507&w=2", }, { name: "racoon-eaycheckx509cert-auth-bypass(16414)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16414", }, { name: "RHSA-2004:308", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2004-308.html", }, { name: "SCOSA-2005.10", tags: [ "vendor-advisory", "x_refsource_SCO", "x_transferred", ], url: "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt", }, { name: "oval:org.mitre.oval:def:9163", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9163", }, { name: "1010495", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1010495", }, { name: "11863", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/11863", }, { name: "10546", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/10546", }, { name: "GLSA-200406-17", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-200406-17.xml", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2004-06-14T00:00:00", descriptions: [ { lang: "en", value: "The eay_check_x509cert function in KAME Racoon successfully verifies certificates even when OpenSSL validation fails, which could allow remote attackers to bypass authentication.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "20040615 Re: authentication bug in KAME's racoon", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://marc.info/?l=bugtraq&m=108731967126033&w=2", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://sourceforge.net/project/shownotes.php?release_id=245982", }, { name: "7113", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/7113", }, { name: "11877", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/11877", }, { name: "20040614 authentication bug in KAME's racoon", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://marc.info/?l=bugtraq&m=108726102304507&w=2", }, { name: "racoon-eaycheckx509cert-auth-bypass(16414)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16414", }, { name: "RHSA-2004:308", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2004-308.html", }, { name: "SCOSA-2005.10", tags: [ "vendor-advisory", "x_refsource_SCO", ], url: "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt", }, { name: "oval:org.mitre.oval:def:9163", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9163", }, { name: "1010495", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1010495", }, { name: "11863", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/11863", }, { name: "10546", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/10546", }, { name: "GLSA-200406-17", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-200406-17.xml", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2004-0607", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The eay_check_x509cert function in KAME Racoon successfully verifies certificates even when OpenSSL validation fails, which could allow remote attackers to bypass authentication.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20040615 Re: authentication bug in KAME's racoon", refsource: "BUGTRAQ", url: "http://marc.info/?l=bugtraq&m=108731967126033&w=2", }, { name: "http://sourceforge.net/project/shownotes.php?release_id=245982", refsource: "CONFIRM", url: "http://sourceforge.net/project/shownotes.php?release_id=245982", }, { name: "7113", refsource: "OSVDB", url: "http://www.osvdb.org/7113", }, { name: "11877", refsource: "SECUNIA", url: "http://secunia.com/advisories/11877", }, { name: "20040614 authentication bug in KAME's racoon", refsource: "BUGTRAQ", url: "http://marc.info/?l=bugtraq&m=108726102304507&w=2", }, { name: "racoon-eaycheckx509cert-auth-bypass(16414)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16414", }, { name: "RHSA-2004:308", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2004-308.html", }, { name: "SCOSA-2005.10", refsource: "SCO", url: "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt", }, { name: "oval:org.mitre.oval:def:9163", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9163", }, { name: "1010495", refsource: "SECTRACK", url: "http://securitytracker.com/id?1010495", }, { name: "11863", refsource: "SECUNIA", url: "http://secunia.com/advisories/11863", }, { name: "10546", refsource: "BID", url: "http://www.securityfocus.com/bid/10546", }, { name: "GLSA-200406-17", refsource: "GENTOO", url: "http://security.gentoo.org/glsa/glsa-200406-17.xml", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2004-0607", datePublished: "2004-06-30T04:00:00", dateReserved: "2004-06-29T00:00:00", dateUpdated: "2024-08-08T00:24:26.577Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-0398
Vulnerability from cvelistv5
Published
2005-03-26 05:00
Modified
2024-08-07 21:13
Severity ?
EPSS score ?
Summary
The KAME racoon daemon in ipsec-tools before 0.5 allows remote attackers to cause a denial of service (crash) via malformed ISAKMP packets.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=109966&action=view | x_refsource_MISC | |
| http://www.mandriva.com/security/advisories?name=MDKSA-2005:062 | vendor-advisory, x_refsource_MANDRAKE | |
| http://security.gentoo.org/glsa/glsa-200503-33.xml | vendor-advisory, x_refsource_GENTOO | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/19707 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/12804 | vdb-entry, x_refsource_BID | |
| http://www.vupen.com/english/advisories/2005/0264 | vdb-entry, x_refsource_VUPEN | |
| http://sourceforge.net/mailarchive/forum.php?thread_id=6787713&forum_id=32000 | mailing-list, x_refsource_MLIST | |
| http://secunia.com/advisories/14584 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.redhat.com/support/errata/RHSA-2005-232.html | vendor-advisory, x_refsource_REDHAT | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10028 | vdb-entry, signature, x_refsource_OVAL | |
| http://securitytracker.com/id?1013433 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T21:13:54.134Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=109966&action=view", }, { name: "MDKSA-2005:062", tags: [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2005:062", }, { name: "GLSA-200503-33", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-200503-33.xml", }, { name: "racoon-isakmp-header-dos(19707)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19707", }, { name: "12804", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/12804", }, { name: "ADV-2005-0264", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2005/0264", }, { name: "[ipsec-tools-devel] 20050312 potential remote crash in racoon", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://sourceforge.net/mailarchive/forum.php?thread_id=6787713&forum_id=32000", }, { name: "14584", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/14584", }, { name: "RHSA-2005:232", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-232.html", }, { name: "oval:org.mitre.oval:def:10028", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10028", }, { name: "1013433", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1013433", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-03-15T00:00:00", descriptions: [ { lang: "en", value: "The KAME racoon daemon in ipsec-tools before 0.5 allows remote attackers to cause a denial of service (crash) via malformed ISAKMP packets.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=109966&action=view", }, { name: "MDKSA-2005:062", tags: [ "vendor-advisory", "x_refsource_MANDRAKE", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2005:062", }, { name: "GLSA-200503-33", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-200503-33.xml", }, { name: "racoon-isakmp-header-dos(19707)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19707", }, { name: "12804", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/12804", }, { name: "ADV-2005-0264", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2005/0264", }, { name: "[ipsec-tools-devel] 20050312 potential remote crash in racoon", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://sourceforge.net/mailarchive/forum.php?thread_id=6787713&forum_id=32000", }, { name: "14584", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/14584", }, { name: "RHSA-2005:232", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-232.html", }, { name: "oval:org.mitre.oval:def:10028", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10028", }, { name: "1013433", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1013433", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2005-0398", datePublished: "2005-03-26T05:00:00", dateReserved: "2005-02-14T00:00:00", dateUpdated: "2024-08-07T21:13:54.134Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2004-0155
Vulnerability from cvelistv5
Published
2004-04-16 04:00
Modified
2024-08-08 00:10
Severity ?
EPSS score ?
Summary
The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, validates the X.509 certificate but does not verify the RSA signature authentication, which allows remote attackers to establish unauthorized IP connections or conduct man-in-the-middle attacks using a valid, trusted X.509 certificate.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T00:10:03.501Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "MDKSA-2004:027", tags: [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:027", }, { name: "MDKSA-2004:069", tags: [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred", ], url: "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:069", }, { name: "APPLE-SA-2004-05-03", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=108369640424244&w=2", }, { name: "oval:org.mitre.oval:def:9291", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9291", }, { name: "SCOSA-2005.10", tags: [ "vendor-advisory", "x_refsource_SCO", "x_transferred", ], url: "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt", }, { name: "GLSA-200406-17", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200406-17.xml", }, { name: "oval:org.mitre.oval:def:945", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A945", }, { name: "11328", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/11328", }, { name: "VU#552398", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "http://www.kb.cert.org/vuls/id/552398", }, { name: "RHSA-2004:165", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2004-165.html", }, { name: "10072", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/10072", }, { name: "20040407 CAN-2004-0155: The KAME IKE Daemon Racoon does not verify RSA Signatures during Phase 1, allows man-in-the-middle attacks and unauthorized connections", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=108136746911000&w=2", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2004-04-07T00:00:00", descriptions: [ { lang: "en", value: "The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, validates the X.509 certificate but does not verify the RSA signature authentication, which allows remote attackers to establish unauthorized IP connections or conduct man-in-the-middle attacks using a valid, trusted X.509 certificate.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "MDKSA-2004:027", tags: [ "vendor-advisory", "x_refsource_MANDRAKE", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:027", }, { name: "MDKSA-2004:069", tags: [ "vendor-advisory", "x_refsource_MANDRAKE", ], url: "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:069", }, { name: "APPLE-SA-2004-05-03", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://marc.info/?l=bugtraq&m=108369640424244&w=2", }, { name: "oval:org.mitre.oval:def:9291", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9291", }, { name: "SCOSA-2005.10", tags: [ "vendor-advisory", "x_refsource_SCO", ], url: "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt", }, { name: "GLSA-200406-17", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200406-17.xml", }, { name: "oval:org.mitre.oval:def:945", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A945", }, { name: "11328", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/11328", }, { name: "VU#552398", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "http://www.kb.cert.org/vuls/id/552398", }, { name: "RHSA-2004:165", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2004-165.html", }, { name: "10072", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/10072", }, { name: "20040407 CAN-2004-0155: The KAME IKE Daemon Racoon does not verify RSA Signatures during Phase 1, allows man-in-the-middle attacks and unauthorized connections", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://marc.info/?l=bugtraq&m=108136746911000&w=2", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2004-0155", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, validates the X.509 certificate but does not verify the RSA signature authentication, which allows remote attackers to establish unauthorized IP connections or conduct man-in-the-middle attacks using a valid, trusted X.509 certificate.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "MDKSA-2004:027", refsource: "MANDRAKE", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:027", }, { name: "MDKSA-2004:069", refsource: "MANDRAKE", url: "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:069", }, { name: "APPLE-SA-2004-05-03", refsource: "APPLE", url: "http://marc.info/?l=bugtraq&m=108369640424244&w=2", }, { name: "oval:org.mitre.oval:def:9291", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9291", }, { name: "SCOSA-2005.10", refsource: "SCO", url: "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt", }, { name: "GLSA-200406-17", refsource: "GENTOO", url: "http://www.gentoo.org/security/en/glsa/glsa-200406-17.xml", }, { name: "oval:org.mitre.oval:def:945", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A945", }, { name: "11328", refsource: "SECUNIA", url: "http://secunia.com/advisories/11328", }, { name: "VU#552398", refsource: "CERT-VN", url: "http://www.kb.cert.org/vuls/id/552398", }, { name: "RHSA-2004:165", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2004-165.html", }, { name: "10072", refsource: "BID", url: "http://www.securityfocus.com/bid/10072", }, { name: "20040407 CAN-2004-0155: The KAME IKE Daemon Racoon does not verify RSA Signatures during Phase 1, allows man-in-the-middle attacks and unauthorized connections", refsource: "BUGTRAQ", url: "http://marc.info/?l=bugtraq&m=108136746911000&w=2", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2004-0155", datePublished: "2004-04-16T04:00:00", dateReserved: "2004-02-13T00:00:00", dateUpdated: "2024-08-08T00:10:03.501Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2004-0403
Vulnerability from cvelistv5
Published
2004-04-16 04:00
Modified
2024-08-08 00:17
Severity ?
EPSS score ?
Summary
Racoon before 20040408a allows remote attackers to cause a denial of service (memory consumption) via an ISAKMP packet with a large length field.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T00:17:14.610Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "MDKSA-2004:069", tags: [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred", ], url: "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:069", }, { name: "oval:org.mitre.oval:def:984", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A984", }, { name: "1009937", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1009937", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vuxml.org/freebsd/ccd698df-8e20-11d8-90d1-0020ed76ef5a.html", }, { name: "20040506-01-U", tags: [ "vendor-advisory", "x_refsource_SGI", "x_transferred", ], url: "ftp://patches.sgi.com/support/free/security/advisories/20040506-01-U.asc", }, { name: "racoon-isakmp-dos(15893)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/15893", }, { name: "oval:org.mitre.oval:def:11220", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11220", }, { name: "APPLE-SA-2004-05-03", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=108369640424244&w=2", }, { name: "11877", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/11877", }, { name: "SCOSA-2005.10", tags: [ "vendor-advisory", "x_refsource_SCO", "x_transferred", ], url: "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt", }, { name: "10172", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/10172", }, { name: "11410", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/11410", }, { name: "GLSA-200404-17", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-200404-17.xml", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://sourceforge.net/project/shownotes.php?release_id=232288", }, { name: "5491", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/5491", }, { name: "RHSA-2004:165", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2004-165.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.kame.net/dev/cvsweb2.cgi/kame/kame/kame/racoon/isakmp.c.diff?r1=1.180&r2=1.181", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2004-04-14T00:00:00", descriptions: [ { lang: "en", value: "Racoon before 20040408a allows remote attackers to cause a denial of service (memory consumption) via an ISAKMP packet with a large length field.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "MDKSA-2004:069", tags: [ "vendor-advisory", "x_refsource_MANDRAKE", ], url: "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:069", }, { name: "oval:org.mitre.oval:def:984", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A984", }, { name: "1009937", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1009937", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vuxml.org/freebsd/ccd698df-8e20-11d8-90d1-0020ed76ef5a.html", }, { name: "20040506-01-U", tags: [ "vendor-advisory", "x_refsource_SGI", ], url: "ftp://patches.sgi.com/support/free/security/advisories/20040506-01-U.asc", }, { name: "racoon-isakmp-dos(15893)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/15893", }, { name: "oval:org.mitre.oval:def:11220", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11220", }, { name: "APPLE-SA-2004-05-03", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://marc.info/?l=bugtraq&m=108369640424244&w=2", }, { name: "11877", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/11877", }, { name: "SCOSA-2005.10", tags: [ "vendor-advisory", "x_refsource_SCO", ], url: "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt", }, { name: "10172", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/10172", }, { name: "11410", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/11410", }, { name: "GLSA-200404-17", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-200404-17.xml", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://sourceforge.net/project/shownotes.php?release_id=232288", }, { name: "5491", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/5491", }, { name: "RHSA-2004:165", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2004-165.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.kame.net/dev/cvsweb2.cgi/kame/kame/kame/racoon/isakmp.c.diff?r1=1.180&r2=1.181", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2004-0403", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Racoon before 20040408a allows remote attackers to cause a denial of service (memory consumption) via an ISAKMP packet with a large length field.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "MDKSA-2004:069", refsource: "MANDRAKE", url: "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:069", }, { name: "oval:org.mitre.oval:def:984", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A984", }, { name: "1009937", refsource: "SECTRACK", url: "http://securitytracker.com/id?1009937", }, { name: "http://www.vuxml.org/freebsd/ccd698df-8e20-11d8-90d1-0020ed76ef5a.html", refsource: "CONFIRM", url: "http://www.vuxml.org/freebsd/ccd698df-8e20-11d8-90d1-0020ed76ef5a.html", }, { name: "20040506-01-U", refsource: "SGI", url: "ftp://patches.sgi.com/support/free/security/advisories/20040506-01-U.asc", }, { name: "racoon-isakmp-dos(15893)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/15893", }, { name: "oval:org.mitre.oval:def:11220", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11220", }, { name: "APPLE-SA-2004-05-03", refsource: "APPLE", url: "http://marc.info/?l=bugtraq&m=108369640424244&w=2", }, { name: "11877", refsource: "SECUNIA", url: "http://secunia.com/advisories/11877", }, { name: "SCOSA-2005.10", refsource: "SCO", url: "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt", }, { name: "10172", refsource: "BID", url: "http://www.securityfocus.com/bid/10172", }, { name: "11410", refsource: "SECUNIA", url: "http://secunia.com/advisories/11410", }, { name: "GLSA-200404-17", refsource: "GENTOO", url: "http://security.gentoo.org/glsa/glsa-200404-17.xml", }, { name: "http://sourceforge.net/project/shownotes.php?release_id=232288", refsource: "CONFIRM", url: "http://sourceforge.net/project/shownotes.php?release_id=232288", }, { name: "5491", refsource: "OSVDB", url: "http://www.osvdb.org/5491", }, { name: "RHSA-2004:165", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2004-165.html", }, { name: "http://www.kame.net/dev/cvsweb2.cgi/kame/kame/kame/racoon/isakmp.c.diff?r1=1.180&r2=1.181", refsource: "CONFIRM", url: "http://www.kame.net/dev/cvsweb2.cgi/kame/kame/kame/racoon/isakmp.c.diff?r1=1.180&r2=1.181", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2004-0403", datePublished: "2004-04-16T04:00:00", dateReserved: "2004-04-13T00:00:00", dateUpdated: "2024-08-08T00:17:14.610Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }