Intrusion Prevention

KAME.Racoon.IDE.Daemon.Improper.Certificate.Verification

Description

This indicates a possible attack attempt against a security-bypass vulnerability in KAME Racoon.
The vulnerability is caused by insufficient checking of user-supplied certificate. It may allow a remote attacker to pass authentication when negotiating an IPSec connection.

Affected Products

SGI Advanced Linux Environment 3.0
SCO Unixware 7.1.4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux AS 3
RedHat Desktop 3.0
KAME Racoon 20040503
KAME Racoon 20040407b
KAME Racoon 20040405
KAME Racoon 20030711
KAME Racoon
IPsec-Tools IPsec-Tools 0.3.2
IPsec-Tools IPsec-Tools 0.3.1
IPsec-Tools IPsec-Tools 0.3 rc5
IPsec-Tools IPsec-Tools 0.3 rc4
IPsec-Tools IPsec-Tools 0.3 rc3
IPsec-Tools IPsec-Tools 0.3 rc2
IPsec-Tools IPsec-Tools 0.3 rc1
IPsec-Tools IPsec-Tools 0.3
Apple Mac OS X Server 10.3.5
Apple Mac OS X Server 10.3.4
Apple Mac OS X Server 10.2.8
Apple Mac OS X 10.3.5
Apple Mac OS X 10.3.4
Apple Mac OS X 10.2.8

Impact

Compromise of the affected system.

Recommended Actions

IPsec-Tools IPsec-Tools 0.3
* IPsec-Tools ipsec-tools-0.3.3.tar.gz
http://prdownloads.sourceforge.net/ipsec-tools/ipsec-tools-0.3.3.tar.g z?download
IPsec-Tools IPsec-Tools 0.3 rc2
* IPsec-Tools ipsec-tools-0.3.3.tar.gz
http://prdownloads.sourceforge.net/ipsec-tools/ipsec-tools-0.3.3.tar.g z?download
IPsec-Tools IPsec-Tools 0.3 rc5
* IPsec-Tools ipsec-tools-0.3.3.tar.gz
http://prdownloads.sourceforge.net/ipsec-tools/ipsec-tools-0.3.3.tar.g z?download
IPsec-Tools IPsec-Tools 0.3 rc4
* IPsec-Tools ipsec-tools-0.3.3.tar.gz
http://prdownloads.sourceforge.net/ipsec-tools/ipsec-tools-0.3.3.tar.g z?download
IPsec-Tools IPsec-Tools 0.3 rc1
* IPsec-Tools ipsec-tools-0.3.3.tar.gz
http://prdownloads.sourceforge.net/ipsec-tools/ipsec-tools-0.3.3.tar.g z?download
IPsec-Tools IPsec-Tools 0.3 rc3
* IPsec-Tools ipsec-tools-0.3.3.tar.gz
http://prdownloads.sourceforge.net/ipsec-tools/ipsec-tools-0.3.3.tar.g z?download
IPsec-Tools IPsec-Tools 0.3.1
* IPsec-Tools ipsec-tools-0.3.3.tar.gz
http://prdownloads.sourceforge.net/ipsec-tools/ipsec-tools-0.3.3.tar.g z?download
IPsec-Tools IPsec-Tools 0.3.2
* IPsec-Tools ipsec-tools-0.3.3.tar.gz
http://prdownloads.sourceforge.net/ipsec-tools/ipsec-tools-0.3.3.tar.g z?download
Apple Mac OS X 10.2.8
* Apple SecUpd2004-09-07JagClient.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=04717&plat form=osx&method=sa/SecUpd2004-09-07JagClient.dmg
Apple Mac OS X Server 10.2.8
* Apple SecUpdSrvr2004-09-07Jag.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=04716&plat form=osx&method=sa/SecUpdSrvr2004-09-07Jag.dmg
Apple Mac OS X Server 10.3.4
* Apple SecUpdSrvr2004-09-07PanL.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=04713&plat form=osx&method=sa/SecUpdSrvr2004-09-07PanL.dmg
Apple Mac OS X 10.3.4
* Apple SecUpd2004-09-07PanClient.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=04712&plat form=osx&method=sa/SecUpd2004-09-07PanClient.dmg
Apple Mac OS X Server 10.3.5
* Apple SecUpdSrvr2004-09-07PanM.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=04714&plat form=osx&method=sa/SecUpdSrvr2004-09-07PanM.dmg
Apple Mac OS X 10.3.5
* Apple SecUpd2004-09-07PanMClient.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=04715&plat form=osx&method=sa/SecUpd2004-09-07PanMClient.dmg
SCO Unixware 7.1.4
* SCO erg712650.pkg.Z
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/erg712650.pkg.Z

CVE References

CVE-2004-0607