Gentoo Local Security Checks : Gentoo Security Advisory GLSA 200406-17 (IPsec-Tools)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.54602

Categoría: Gentoo Local Security Checks

Título: Gentoo Security Advisory GLSA 200406-17 (IPsec-Tools)

Resumen: The remote host is missing updates announced in;advisory GLSA 200406-17.

Descripción: Summary:
The remote host is missing updates announced in
advisory GLSA 200406-17.

Vulnerability Insight:
racoon provided as part of IPsec-Tools fails do proper authentication.

Solution:
All IPsec-Tools users should upgrade to the latest stable version:

# emerge sync

# emerge -pv '>=net-firewall/ipsec-tools-0.3.3'
# emerge '>=net-firewall/ipsec-tools-0.3.3'

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-0155
http://marc.info/?l=bugtraq&m=108369640424244&w=2
BugTraq ID: 10072
http://www.securityfocus.com/bid/10072
Bugtraq: 20040407 CAN-2004-0155: The KAME IKE Daemon Racoon does not verify RSA Signatures during Phase 1, allows man-in-the-middle attacks and unauthorized connections (Google Search)
http://marc.info/?l=bugtraq&m=108136746911000&w=2
CERT/CC vulnerability note: VU#552398
http://www.kb.cert.org/vuls/id/552398
http://www.gentoo.org/security/en/glsa/glsa-200406-17.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2004:027
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:069
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9291
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A945
http://www.redhat.com/support/errata/RHSA-2004-165.html
SCO Security Bulletin: SCOSA-2005.10
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt
http://secunia.com/advisories/11328
Common Vulnerability Exposure (CVE) ID: CVE-2004-0607
BugTraq ID: 10546
http://www.securityfocus.com/bid/10546
Bugtraq: 20040614 authentication bug in KAME's racoon (Google Search)
http://marc.info/?l=bugtraq&m=108726102304507&w=2
Bugtraq: 20040615 Re: authentication bug in KAME's racoon (Google Search)
http://marc.info/?l=bugtraq&m=108731967126033&w=2
http://security.gentoo.org/glsa/glsa-200406-17.xml
http://www.osvdb.org/7113
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9163
http://www.redhat.com/support/errata/RHSA-2004-308.html
http://securitytracker.com/id?1010495
http://secunia.com/advisories/11863
http://secunia.com/advisories/11877
XForce ISS Database: racoon-eaycheckx509cert-auth-bypass(16414)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16414

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.54602
Categoría:	Gentoo Local Security Checks
Título:	Gentoo Security Advisory GLSA 200406-17 (IPsec-Tools)
Resumen:	The remote host is missing updates announced in;advisory GLSA 200406-17.
Descripción:	Summary: The remote host is missing updates announced in advisory GLSA 200406-17. Vulnerability Insight: racoon provided as part of IPsec-Tools fails do proper authentication. Solution: All IPsec-Tools users should upgrade to the latest stable version: # emerge sync # emerge -pv '>=net-firewall/ipsec-tools-0.3.3' # emerge '>=net-firewall/ipsec-tools-0.3.3' CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0155 http://marc.info/?l=bugtraq&m=108369640424244&w=2 BugTraq ID: 10072 http://www.securityfocus.com/bid/10072 Bugtraq: 20040407 CAN-2004-0155: The KAME IKE Daemon Racoon does not verify RSA Signatures during Phase 1, allows man-in-the-middle attacks and unauthorized connections (Google Search) http://marc.info/?l=bugtraq&m=108136746911000&w=2 CERT/CC vulnerability note: VU#552398 http://www.kb.cert.org/vuls/id/552398 http://www.gentoo.org/security/en/glsa/glsa-200406-17.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:027 http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:069 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9291 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A945 http://www.redhat.com/support/errata/RHSA-2004-165.html SCO Security Bulletin: SCOSA-2005.10 ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt http://secunia.com/advisories/11328 Common Vulnerability Exposure (CVE) ID: CVE-2004-0607 BugTraq ID: 10546 http://www.securityfocus.com/bid/10546 Bugtraq: 20040614 authentication bug in KAME's racoon (Google Search) http://marc.info/?l=bugtraq&m=108726102304507&w=2 Bugtraq: 20040615 Re: authentication bug in KAME's racoon (Google Search) http://marc.info/?l=bugtraq&m=108731967126033&w=2 http://security.gentoo.org/glsa/glsa-200406-17.xml http://www.osvdb.org/7113 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9163 http://www.redhat.com/support/errata/RHSA-2004-308.html http://securitytracker.com/id?1010495 http://secunia.com/advisories/11863 http://secunia.com/advisories/11877 XForce ISS Database: racoon-eaycheckx509cert-auth-bypass(16414) https://exchange.xforce.ibmcloud.com/vulnerabilities/16414
Copyright	Copyright (C) 2008 E-Soft Inc.