Required CVE Record Information
Description
The eay_check_x509cert function in KAME Racoon successfully verifies certificates even when OpenSSL validation fails, which could allow remote attackers to bypass authentication.
References 13 Total
- marc.info: 20040615 Re: authentication bug in KAME's racoon mailing-list
- http://sourceforge.net/project/shownotes.php?release_id=245982
- osvdb.org: 7113 vdb-entry
- secunia.com: 11877 third-party-advisory
- marc.info: 20040614 authentication bug in KAME's racoon mailing-list
- exchange.xforce.ibmcloud.com: racoon-eaycheckx509cert-auth-bypass(16414) vdb-entry
- redhat.com: RHSA-2004:308 vendor-advisory
- ftp.sco.com: SCOSA-2005.10 vendor-advisory
- oval.cisecurity.org: oval:org.mitre.oval:def:9163 vdb-entry signature
- securitytracker.com: 1010495 vdb-entry
- secunia.com: 11863 third-party-advisory
- securityfocus.com: 10546 vdb-entry
- security.gentoo.org: GLSA-200406-17 vendor-advisory
This container includes required additional information provided by the CVE Program for this vulnerability.
References 13 Total
- marc.info: 20040615 Re: authentication bug in KAME's racoon mailing-list x_transferred
- http://sourceforge.net/project/shownotes.php?release_id=245982 x_transferred
- osvdb.org: 7113 vdb-entry x_transferred
- secunia.com: 11877 third-party-advisory x_transferred
- marc.info: 20040614 authentication bug in KAME's racoon mailing-list x_transferred
- exchange.xforce.ibmcloud.com: racoon-eaycheckx509cert-auth-bypass(16414) vdb-entry x_transferred
- redhat.com: RHSA-2004:308 vendor-advisory x_transferred
- ftp.sco.com: SCOSA-2005.10 vendor-advisory x_transferred
- oval.cisecurity.org: oval:org.mitre.oval:def:9163 vdb-entry signature x_transferred
- securitytracker.com: 1010495 vdb-entry x_transferred
- secunia.com: 11863 third-party-advisory x_transferred
- securityfocus.com: 10546 vdb-entry x_transferred
- security.gentoo.org: GLSA-200406-17 vendor-advisory x_transferred