|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[SA11328] KAME Racoon IKE Daemon RSA Signature Verification Vulnerability
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Fri Apr 09 2004 - 07:02:13 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
TITLE:
KAME Racoon IKE Daemon RSA Signature Verification Vulnerability
SECUNIA ADVISORY ID:
SA11328
VERIFY ADVISORY:
http://secunia.com/advisories/11328/
CRITICAL:
Moderately critical
IMPACT:
Hijacking, Security Bypass
WHERE:
From remote
SOFTWARE:
KAME Racoon
IPsec-Tools 0.x
DESCRIPTION:
Ralf Spenneberg has reported a vulnerability in KAME Racoon, which
can be exploited by malicious people to conduct MitM attacks
(Man-in-the-Middle) or establish unauthorised connections.
The vulnerability is caused due to an error within the
"eay_rsa_verify()" function in "crypto_openssl.c". During
authentication using RSA signatures, this will result in only the
X.509 certificate being validated in Phase 1, and not the RSA
signature.
Successful exploitation allows a malicious person sending a valid,
trusted X.509 certificate and an arbitrary RSA signature to be
authenticated.
SOLUTION:
KAME Racoon:
Updates are available via CVS.
IPsec-Tools:
Update to a version released on or after 2004-04-05.
PROVIDED AND/OR DISCOVERED BY:
Ralf Spenneberg
ORIGINAL ADVISORY:
http://ipsec-tools.sourceforge.net/x509sig.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]