Description
The eay_check_x509cert function in KAME Racoon successfully verifies certificates even when OpenSSL validation fails, which could allow remote attackers to bypass authentication.
Product(s):
- IPsec-Tools 0.3.1
- IPsec-Tools 0.3.2
- IPsec-tools 0.3
- IPsec-Tools 0.3 RC1
- IPsec-Tools 0.3 RC2
- IPsec-Tools 0.3 RC3
- IPsec-Tools 0.3 RC4
- IPsec-Tools 0.3 RC5
- KAME Racoon
- KAME Racoon 2003-07-11
- KAME Racoon 2004-04-05
- KAME Racoon 2004-04-07b
- KAME Racoon 2004-05-03
- Red Hat Enterprise Linux 3.0 Advanced Servers
- Red Hat Enterprise Linux 3.0 Enterprise Server Edition
- Red Hat Enterprise Linux 3.0 Workstation
- Red Hat Desktop 3.0
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2004-0607, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2004-0607 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.