[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

256040

 
 

909

 
 

199103

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2004-0607Date: (C)2004-12-06   (M)2023-12-22


The eay_check_x509cert function in KAME Racoon successfully verifies certificates even when OpenSSL validation fails, which could allow remote attackers to bypass authentication.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 10.0
Exploit Score: 10.0
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1010495
BID-10546
SECUNIA-11863
SECUNIA-11877
http://marc.info/?l=bugtraq&m=108726102304507&w=2
http://marc.info/?l=bugtraq&m=108731967126033&w=2
OSVDB-7113
GLSA-200406-17
RHSA-2004:308
SCOSA-2005.10
http://sourceforge.net/project/shownotes.php?release_id=245982
oval:org.mitre.oval:def:9163
racoon-eaycheckx509cert-auth-bypass(16414)

CPE    2
cpe:/o:redhat:enterprise_linux_desktop:3.0
cpe:/a:kame:racoon

© SecPod Technologies