CVE-2004-0155
Published: 1 June 2004
The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, validates the X.509 certificate but does not verify the RSA signature authentication, which allows remote attackers to establish unauthorized IP connections or conduct man-in-the-middle attacks using a valid, trusted X.509 certificate.
Priority
Status
Package | Release | Status |
---|---|---|
ipsec-tools Launchpad, Ubuntu, Debian |
dapper |
Released
(0.6.5-4ubuntu1.1)
|
edgy |
Released
(0.6.6-1ubuntu1.1)
|
|
feisty |
Released
(0.6.6-3ubuntu3)
|
|
upstream |
Needs triage
|
|
gutsy |
Released
(0.6.6-3ubuntu3)
|