ID de Prueba:	1.3.6.1.4.1.25623.1.0.50550
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2004:070 (freeswan)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to freeswan announced via advisory MDKSA-2004:070. Thomas Walpuski discovered a vulnerability in the X.509 handling of super-freeswan, openswan, strongSwan, and FreeS/WAN with the X.509 patch applied. This vulnerability allows an attacker to make up their own Certificate Authority that can allow them to impersonate the identity of a valid DN. As well, another hole exists in the CA checking code that could create an endless loop in certain instances. Mandrakesoft encourages all users who use FreeS/WAN or super-freeswan to upgrade to the updated packages which are patched to correct these flaws. Affected versions: 10.0, 9.1, 9.2, Corporate Server 2.1, Multi Network Firewall 8.2 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2004:070 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0590 http://lists.openswan.org/pipermail/dev/2004-June/000369.html http://www.openswan.org/support/vuln/can-2004-0590/ Risk factor : Critical CVSS Score: 10.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0590 http://security.gentoo.org/glsa/glsa-200406-20.xml http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:070 XForce ISS Database: ipsec-verifyx509cert-auth-bypass(16515) https://exchange.xforce.ibmcloud.com/vulnerabilities/16515
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.