Signature Detail

Short Name: IKE:KAME-RACOON-X509-CERT-VERIF
Severity: High
Recommended: No
Recommended Action: Drop
Category: IKE
Keywords: KAME racoon X509 Certificate Verification
Release Date: 2014/02/18
Update Number: 2346
Supported Platforms: idp-5.0.110121210+, isg-3.4.139899+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

IKE: KAME racoon X509 Certificate Verification


This signature detects attempts to exploit a known vulnerability in the IKE daemon of KAME racoon. A successful attack can establish a trusted secure connection with the target using an invalid X.509 certificate.

Extended Description

Racoon improperly validates X.509 certificates when negotiating IPsec connections. When checking certificate validity, Racoon ignores many errors from OpenSSL and accepts invalid certificates. Because these errors are ignored, improper certificates can be used to authenticate connections. This vulnerability could allow attackers to forge certificates and potentially gain access to IPsec VPNs. It would also effectively make all certificates permanent. It is unknown which versions of Racoon are vulnerable at this time.
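
The flaw class described above, shown as an added example (not Racoon's code and not part of the original advisory): a certificate verification callback that overrides library errors, next to one that never upgrades a failure. The callback signature is simplified to take the error code directly, the error codes carry the numeric values of OpenSSL's X509_V_* constants, and the set of errors the lenient callback overrides is an assumption chosen for illustration.

```c
#include <stdio.h>

/* Result codes with the same numeric values as <openssl/x509_vfy.h>. */
#define X509_V_OK                                     0
#define X509_V_ERR_CERT_HAS_EXPIRED                  10
#define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT       18
#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20

/* Simplified callback: the real OpenSSL one receives an X509_STORE_CTX *. */
typedef int (*verify_cb)(int preverify_ok, int err);

/* Lenient pattern. The overridden set is an assumption for illustration. */
int lenient_cb(int preverify_ok, int err) {
    if (preverify_ok) return 1;
    switch (err) {
    case X509_V_ERR_CERT_HAS_EXPIRED:
    case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
    case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
        return 1;   /* failure overridden: certificate treated as valid */
    default:
        return 0;
    }
}

/* Strict pattern: report the error and never upgrade a failure. */
int strict_cb(int preverify_ok, int err) {
    if (!preverify_ok)
        fprintf(stderr, "peer certificate rejected: verify error %d\n", err);
    return preverify_ok;
}

/* Model of the library consulting the callback once per chain check. */
int verify_chain(const int *errs, size_t n, verify_cb cb) {
    for (size_t i = 0; i < n; i++)
        if (!cb(errs[i] == X509_V_OK, errs[i]))
            return 0;   /* callback refused: authentication fails */
    return 1;
}

/* Constructed inputs: per-certificate results, CA first, then the peer. */
const int valid_chain[]      = { X509_V_OK, X509_V_OK };
const int expired_chain[]    = { X509_V_OK, X509_V_ERR_CERT_HAS_EXPIRED };
const int selfsigned_chain[] = { X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT };

int main(void) {
    printf("expired peer: lenient=%d strict=%d\n",
           verify_chain(expired_chain, 2, lenient_cb),
           verify_chain(expired_chain, 2, strict_cb));
    return 0;
}
```

With the lenient callback an expired peer certificate still authenticates, which is the sense in which ignoring these errors makes certificates permanent; the strict callback rejects it and logs the error code for the IKE daemon's operator.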

Affected Products

  • Apple Mac OS X 10.2.8
  • Apple Mac OS X 10.3.4
  • Apple Mac OS X 10.3.5
  • Apple Mac OS X Server 10.2.8
  • Apple Mac OS X Server 10.3.4
  • Apple Mac OS X Server 10.3.5
  • IPsec-Tools 0.3.0
  • IPsec-Tools 0.3.0 rc1
  • IPsec-Tools 0.3.0 rc2
  • IPsec-Tools 0.3.0 rc3
  • IPsec-Tools 0.3.0 rc4
  • IPsec-Tools 0.3.0 rc5
  • IPsec-Tools 0.3.1
  • IPsec-Tools 0.3.2
  • KAME Racoon 20030711
  • KAME Racoon 20040405
  • KAME Racoon 20040407b
  • KAME Racoon 20040503
  • KAME Racoon
  • Red Hat Desktop 3.0.0
  • Red Hat Enterprise Linux AS 3
  • Red Hat Enterprise Linux ES 3
  • Red Hat Enterprise Linux WS 3
  • SCO Unixware 7.1.4
  • SGI Advanced Linux Environment 3.0.0

References

  • BugTraq: 10546
  • CVE: CVE-2004-0607

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.