Vulnerability Bulletins |
El demonio IKE Racoon no verifica firmas RSA |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Obtener acceso |
| Dificulty | Principiante |
| Required attacker level | Acceso remoto sin cuenta a un servicio exotico |
System information |
|
| Property | Value |
| Affected manufacturer | GNU/Linux |
| Affected software |
IPsec-tools <= 0.2.4 IPsec-tools <=0.3rc4 |
Description |
|
| Se ha descubierto una vulnerabilidad en el demonio IKE Racoon. La vulnerabilidad reside en la validación de certificados X.509 si se utiliza una firma RSA. La explotación de esta vulnerabilidad podría permitir a un atacante remoto establecer una conexión IPsec con el demonio racoon o empezar un ataque de "hombre en el medio" mediante un certificado X.509 válido ya que el demonio no verificará la firma RSA. | |
Solution |
|
|
Si lo desea, aplique los mecanismos de actualización propios de su distribución, o bien baje las fuentes del software y compílelo usted mismo. Actualización de software IPsec-tools IPsec-tools 0.2.5 http://sourceforge.net/project/showfiles.php?group_id=74601&release_id=228873 IPsec-tools 0.3.3 http://sourceforge.net/project/showfiles.php?group_id=74601 Mandrake Linux Mandrakelinux 10.0 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/ipsec-tools-0.2.5-0.2.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/libipsec-tools0-0.2.5-0.2.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/ipsec-tools-0.2.5-0.2.100mdk.src.rpm AMD64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/ipsec-tools-0.2.5-0.2.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/lib64ipsec-tools0-0.2.5-0.2.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/SRPMS/ipsec-tools-0.2.5-0.2.100mdk.src.rpm Apple Mac OS X 10.3.3 - Cliente http://www.apple.com/support/downloads/securityupdate_2004-05-03_(10_3_3_Client).html Mac OS X 10.3.3 - Servidor http://www.apple.com/support/downloads/securityupdate.html Mac OS X 10.2.8 - Cliente http://www.apple.com/support/downloads/securityupdate_2004-05-03_(10_2_8_Client).html Mac OS X 10.2.8 - Servidor http://www.apple.com/support/downloads/securityupdate_2004-05-03_(10_2_8_Server).html SCO UnixWare 7.1.4 ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/erg712650.pkg.Z |
|
Standar resources |
|
| Property | Value |
| CVE | CAN-2004-0155 |
| BID | |
Other resources |
|
|
IPsec-Tools update 2004-04-05 http://ipsec-tools.sourceforge.net/ MandrakeSoft Security Advisory MDKSA-2004:027 http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:027 Apple Security Updates http://docs.info.apple.com/article.html?artnum=61798 Mandrakesoft Security Advisory MDKSA-2004:069 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:069 SCO Security Advisory SCOSA-2005.10 ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2004-04-08 |
| 1.1 | Aviso emitido por Mandrake | 2004-04-13 |
| 1.2 | Aviso emitido por Apple | 2004-05-04 |
| 1.3 | IPsec-tools 0.3.3 publicado. Nuevo aviso emitido por Mandrake (MDKSA-2004:069). | 2004-07-15 |
| 1.4 | Aviso emitido por SCO (SCOSA-2005.10) | 2005-02-08 |