Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2004:308

The remote host is missing updates announced in
advisory RHSA-2004:308.

IPSEC uses strong cryptography to provide both authentication and
encryption services.

When configured to use X.509 certificates to authenticate remote hosts,
ipsec-tools versions 0.3.3 and earlier will attempt to verify that host
certificate, but will not abort the key exchange if verification fails.
The Common Vulnerabilities and Exposures project ( has
assigned the name CVE-2004-0607 to this issue.

Users of ipsec-tools should upgrade to this updated package which contains
a backported security patch and is not vulnerable to this issue.

Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

Risk factor : Critical

CVSS Score:

Cross-Ref: BugTraq ID: 10546
Common Vulnerability Exposure (CVE) ID: CVE-2004-0607
Bugtraq: 20040614 authentication bug in KAME's racoon (Google Search)
Bugtraq: 20040615 Re: authentication bug in KAME's racoon (Google Search)
SCO Security Bulletin: SCOSA-2005.10
XForce ISS Database: racoon-eaycheckx509cert-auth-bypass(16414)
CopyrightCopyright (c) 2005 E-Soft Inc.

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2021 E-Soft Inc. All rights reserved.