FreeBSD Local Security Checks : FreeBSD Ports: racoon

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.52492

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: racoon

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following package is affected: racoon

CVE-2004-0164
KAME IKE daemon (racoon) does not properly handle hash values, which
allows remote attackers to delete certificates via (1) a certain
delete message that is not properly handled in isakmp.c or
isakmp_inf.c, or (2) a certain INITIAL-CONTACT message that is not
properly handled in isakmp_inf.c.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-0164
http://lists.apple.com/archives/security-announce/2004/Feb/msg00000.html
BugTraq ID: 9416
http://www.securityfocus.com/bid/9416
BugTraq ID: 9417
http://www.securityfocus.com/bid/9417
Bugtraq: 20040113 unauthorized deletion of IPsec (and ISAKMP) SAs in racoon (Google Search)
http://marc.info/?l=bugtraq&m=107403331309838&w=2
Bugtraq: 20040114 Re: unauthorized deletion of IPsec (and ISAKMP) SAs in racoon (Google Search)
http://marc.info/?l=bugtraq&m=107411758202662&w=2
NETBSD Security Advisory: NetBSD-SA2004-001
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-001.txt.asc
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A947
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9737
XForce ISS Database: openbsd-isakmp-initialcontact-delete-sa(14118)
https://exchange.xforce.ibmcloud.com/vulnerabilities/14118
XForce ISS Database: openbsd-isakmp-invalidspi-delete-sa(14117)
https://exchange.xforce.ibmcloud.com/vulnerabilities/14117

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.52492
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: racoon
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: racoon CVE-2004-0164 KAME IKE daemon (racoon) does not properly handle hash values, which allows remote attackers to delete certificates via (1) a certain delete message that is not properly handled in isakmp.c or isakmp_inf.c, or (2) a certain INITIAL-CONTACT message that is not properly handled in isakmp_inf.c. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0164 http://lists.apple.com/archives/security-announce/2004/Feb/msg00000.html BugTraq ID: 9416 http://www.securityfocus.com/bid/9416 BugTraq ID: 9417 http://www.securityfocus.com/bid/9417 Bugtraq: 20040113 unauthorized deletion of IPsec (and ISAKMP) SAs in racoon (Google Search) http://marc.info/?l=bugtraq&m=107403331309838&w=2 Bugtraq: 20040114 Re: unauthorized deletion of IPsec (and ISAKMP) SAs in racoon (Google Search) http://marc.info/?l=bugtraq&m=107411758202662&w=2 NETBSD Security Advisory: NetBSD-SA2004-001 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-001.txt.asc https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A947 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9737 XForce ISS Database: openbsd-isakmp-initialcontact-delete-sa(14118) https://exchange.xforce.ibmcloud.com/vulnerabilities/14118 XForce ISS Database: openbsd-isakmp-invalidspi-delete-sa(14117) https://exchange.xforce.ibmcloud.com/vulnerabilities/14117
Copyright	Copyright (C) 2008 E-Soft Inc.