Vulnerability Bulletins


Incorrect X.509 certificate validation in Racoon

Vulnerability classification

Property | Value
Confidence level | Official
Impact | Gain access
Difficulty | Expert
Required attacker level | Remote access without an account to a standard service

System information

Property | Value
Affected manufacturer | GNU/Linux
Affected software | IPsec-Tools <0.3.3

Description

A vulnerability has been discovered in the Racoon daemon shipped with IPsec-tools versions earlier than 0.3.3. The flaw lies in the verification of X.509 certificates, specifically in the eay_check_x509cert() function, which ignores many of the errors that OpenSSL provides for.

Exploiting this vulnerability could allow a remote attacker to use an invalid certificate to bypass the authentication process and establish an IPsec connection without authorization.
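
The following C model is an added illustration, not code from Racoon or IPsec-tools: it shows how a verification callback that overrides errors lets an invalid certificate pass, next to a strict callback that does not. The verify_chain() loop, both callbacks, the sample chains and the choice of tolerated error codes are assumptions; only the numeric error values follow OpenSSL.

```c
#include <stddef.h>
#include <stdio.h>
/* Numeric values match OpenSSL's X509_V_* codes; redefined here so the
 * model builds without OpenSSL headers. */
enum { V_OK = 0, V_ERR_UNABLE_TO_GET_CRL = 3, V_ERR_CERT_SIGNATURE_FAILURE = 7,
       V_ERR_CERT_HAS_EXPIRED = 10, V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT = 18 };
typedef int (*verify_cb)(int preverify_ok, int err);

/* Model of the verifier loop: every check result is handed to the callback,
 * and the callback's return value (1 = continue, 0 = reject) is final. */
static int verify_chain(const int *results, size_t n, verify_cb cb)
{
    for (size_t i = 0; i < n; i++)
        if (!cb(results[i] == V_OK, results[i]))
            return 0;               /* chain rejected */
    return 1;                       /* chain accepted */
}

/* Lenient callback: turns selected failures into success. The tolerated
 * codes are assumed for illustration; the bulletin does not list them. */
static int lenient_cb(int preverify_ok, int err)
{
    if (preverify_ok) return 1;
    switch (err) {
    case V_ERR_UNABLE_TO_GET_CRL:
    case V_ERR_CERT_HAS_EXPIRED:
    case V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
        return 1;                   /* error silently overridden */
    default: return 0;
    }
}

/* Strict callback: never upgrades a failed check to success. */
static int strict_cb(int preverify_ok, int err) { (void)err; return preverify_ok; }

/* Constructed sample inputs: per-check results for three peer certificates. */
static const int valid_chain[]   = { V_OK, V_OK };
static const int self_signed[]   = { V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT };
static const int bad_signature[] = { V_OK, V_ERR_CERT_SIGNATURE_FAILURE };
int main(void)
{
    const int *chains[] = { valid_chain, self_signed, bad_signature };
    const size_t lens[] = { 2, 1, 2 };
    for (size_t i = 0; i < 3; i++)  /* verdict of each callback per chain */
        printf("chain %zu: lenient=%d strict=%d\n", i,
               verify_chain(chains[i], lens[i], lenient_cb),
               verify_chain(chains[i], lens[i], strict_cb));
    return 0;
}
```

When auditing a callback of this kind, every branch that returns success for a non-zero error code is a policy decision that needs an explicit justification.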

Solution

If you wish, apply your distribution's own update mechanisms, or download the software sources and compile them yourself.


Software update

IPsec-tools
IPsec-tools 0.3.3
http://sourceforge.net/project/showfiles.php?group_id=74601

Red Hat Linux

Red Hat Desktop (v. 3)
AMD64
ipsec-tools-0.2.5-0.5.x86_64.rpm
SRPMS
ipsec-tools-0.2.5-0.5.src.rpm
i386
ipsec-tools-0.2.5-0.5.i386.rpm
https://rhn.redhat.com/

Red Hat Enterprise Linux AS (v. 3)
AMD64
ipsec-tools-0.2.5-0.5.x86_64.rpm
SRPMS
ipsec-tools-0.2.5-0.5.src.rpm
i386
ipsec-tools-0.2.5-0.5.i386.rpm
ia64
ipsec-tools-0.2.5-0.5.ia64.rpm
ppc
ipsec-tools-0.2.5-0.5.ppc.rpm
ppc64
ipsec-tools-0.2.5-0.5.ppc64.rpm
s390
ipsec-tools-0.2.5-0.5.s390.rpm
s390x
ipsec-tools-0.2.5-0.5.s390x.rpm
https://rhn.redhat.com/

Red Hat Enterprise Linux ES (v. 3)
AMD64
ipsec-tools-0.2.5-0.5.x86_64.rpm
SRPMS
ipsec-tools-0.2.5-0.5.src.rpm
i386
ipsec-tools-0.2.5-0.5.i386.rpm
ia64
ipsec-tools-0.2.5-0.5.ia64.rpm
https://rhn.redhat.com/

Red Hat Enterprise Linux WS (v. 3)
AMD64
ipsec-tools-0.2.5-0.5.x86_64.rpm
SRPMS
ipsec-tools-0.2.5-0.5.src.rpm
i386
ipsec-tools-0.2.5-0.5.i386.rpm
ia64
ipsec-tools-0.2.5-0.5.ia64.rpm
https://rhn.redhat.com/

Apple
Mac OS X 10.2.8
http://www.apple.com/support/downloads//securityupdate_2004-09-07_(10_2_8_Client).html
Mac OS X 10.3.4
http://www.apple.com/support/downloads//securityupdate_2004-09-07(10_3_4_Client).html
Mac OS X 10.3.5
http://www.apple.com/support/downloads//securityupdate_2004-09-07_(10_3_5_Client).html
Mac OS X Server 10.2.8
http://www.apple.com/support/downloads//securityupdate_2004-09-07_(10_2_8_Server).html
Mac OS X Server 10.3.4
http://www.apple.com/support/downloads//securityupdate_2004-09-07_(10_3_4_Server).html
Mac OS X Server 10.3.5
http://www.apple.com/support/downloads//securityupdate_2004-09-07_(10_3_5_Server).html

SCO
UnixWare 7.1.4
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/erg712650.pkg.Z

Standard resources

Property | Value
CVE | CAN-2004-0607
BID | 10546

Other resources

Red Hat Security Advisory RHSA-2004:308-06
https://rhn.redhat.com/errata/RHSA-2004-308.html

Apple Security Update 2004-09-07
http://docs.info.apple.com/article.html?artnum=61798

SCO Security Advisory SCOSA-2005.10
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt

Version history

Version | Comments | Date
1.0 | Advisory issued | 2004-07-30
1.1 | Advisory issued by Apple (2004-09-07) | 2004-09-08
1.2 | Advisory issued by SCO (SCOSA-2005.10) | 2005-02-08
Ministerio de Defensa
CNI
CCN
CCN-CERT