FreeBSD Local Security Checks : FreeBSD Ports: racoon

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.52485

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: racoon

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following package is affected: racoon

CVE-2004-0155
The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1,
validates the X.509 certificate but does not verify the RSA signature
authentication, which allows remote attackers to establish
unauthorized IP connections or conduct man-in-the-middle attacks using
a valid, trusted X.509 certificate.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-0155
http://marc.info/?l=bugtraq&m=108369640424244&w=2
BugTraq ID: 10072
http://www.securityfocus.com/bid/10072
Bugtraq: 20040407 CAN-2004-0155: The KAME IKE Daemon Racoon does not verify RSA Signatures during Phase 1, allows man-in-the-middle attacks and unauthorized connections (Google Search)
http://marc.info/?l=bugtraq&m=108136746911000&w=2
CERT/CC vulnerability note: VU#552398
http://www.kb.cert.org/vuls/id/552398
http://www.gentoo.org/security/en/glsa/glsa-200406-17.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2004:027
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:069
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9291
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A945
http://www.redhat.com/support/errata/RHSA-2004-165.html
SCO Security Bulletin: SCOSA-2005.10
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt
http://secunia.com/advisories/11328

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.52485
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: racoon
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: racoon CVE-2004-0155 The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, validates the X.509 certificate but does not verify the RSA signature authentication, which allows remote attackers to establish unauthorized IP connections or conduct man-in-the-middle attacks using a valid, trusted X.509 certificate. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0155 http://marc.info/?l=bugtraq&m=108369640424244&w=2 BugTraq ID: 10072 http://www.securityfocus.com/bid/10072 Bugtraq: 20040407 CAN-2004-0155: The KAME IKE Daemon Racoon does not verify RSA Signatures during Phase 1, allows man-in-the-middle attacks and unauthorized connections (Google Search) http://marc.info/?l=bugtraq&m=108136746911000&w=2 CERT/CC vulnerability note: VU#552398 http://www.kb.cert.org/vuls/id/552398 http://www.gentoo.org/security/en/glsa/glsa-200406-17.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:027 http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:069 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9291 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A945 http://www.redhat.com/support/errata/RHSA-2004-165.html SCO Security Bulletin: SCOSA-2005.10 ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt http://secunia.com/advisories/11328
Copyright	Copyright (C) 2008 E-Soft Inc.