SID 16080
Msg
"SPECIFIC-THREATS KAME racoon X509 certificate verification bypass attempt"
Summary
This event is generated when an attempt is made to exploit a known vulnerability in ipsec-tools.
Classtype
attempted-user
Impact
Denial of Service. Information disclosure. Loss of integrity. Complete admin access.
Detailed Information
The eay_check_x509cert function in KAME Racoon successfully verifies certificates even when OpenSSL validation fails, which could allow remote attackers to bypass authentication.
Affected Systems
- ipsec-tools 0.3
- ipsec-tools 0.3.1
- ipsec-tools 0.3.2
- ipsec-tools 0.3_rc1
- ipsec-tools 0.3_rc2
- ipsec-tools 0.3_rc3
- ipsec-tools 0.3_rc4
- ipsec-tools 0.3_rc5
Ease Of Attack
Simple. Exploits exist.
False Positives
None known.
False Negatives
None known.
Corrective Action
Upgrade to the latest non-affected version of the software.
Apply the appropriate vendor supplied patches.
Contributors
- Sourcefire Vulnerability Research Team
- This document was generated from data supplied by the National Vulnerability Database. A product of the National Institute of Standards and Technology.
- For more information see http://nvd.nist.gov/
