Test ID:	1.3.6.1.4.1.25623.1.0.50550
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDKSA-2004:070 (freeswan)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to freeswan announced via advisory MDKSA-2004:070. Thomas Walpuski discovered a vulnerability in the X.509 handling of super-freeswan, openswan, strongSwan, and FreeS/WAN with the X.509 patch applied. This vulnerability allows an attacker to make up their own Certificate Authority that can allow them to impersonate the identity of a valid DN. As well, another hole exists in the CA checking code that could create an endless loop in certain instances. Mandrakesoft encourages all users who use FreeS/WAN or super-freeswan to upgrade to the updated packages which are patched to correct these flaws. Affected versions: 10.0, 9.1, 9.2, Corporate Server 2.1, Multi Network Firewall 8.2 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2004:070 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0590 http://lists.openswan.org/pipermail/dev/2004-June/000369.html http://www.openswan.org/support/vuln/can-2004-0590/ Risk factor : Critical CVSS Score: 10.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0590 http://security.gentoo.org/glsa/glsa-200406-20.xml http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:070 XForce ISS Database: ipsec-verifyx509cert-auth-bypass(16515) https://exchange.xforce.ibmcloud.com/vulnerabilities/16515
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.