ISS X-Force Database: racoon-eaycheckx509cert-auth-bypass(16414): Racoon and IPsec-Tools eay_check

Racoon and IPsec-Tools eay_check_x509cert authentication bypass

racoon-eaycheckx509cert-auth-bypass (16414)

Medium Risk

Description:

Racoon could allow a remote attacker to bypass authentication, caused by a vulnerability in the eay_check_x509cert function. Racoon validates a certificate even if the certificate is expired, self-signed, signed by an invalid Certificate Authority (CA), for an invalid purpose or the path length has been exceeded. A remote attacker could supply an invalid certificate to bypass authentication and gain unauthorized access.

Note: IPsec-Tools versions prior to 0.3.3 are affected by this vulnerability.

Platforms Affected:

Gentoo, Linux
IPsec-Tools, IPsec-Tools prior to 0.3.3
KAME Project, Racoon
RedHat, Enterprise Linux 3 ES
RedHat, Enterprise Linux 3 WS
RedHat, Enterprise Linux 3 Desktop
RedHat, Enterprise Linux 3 AS
RedHat, Linux 3.0
SCO, SCO UnixWare 7.1.4

Remedy:

Upgrade to the latest version of Ipsec-Tools (0.3.3 or later), available from the Ipsec-Tools Web page. See References.

For Gentoo Linux Security:
Upgrade to the latest version of Ipsec-Tools (0.3.3 or later), as listed in GLSA 200406-17. See References.

For Red Hat Linux:
Upgrade to the latest Ipsec-Tools package, as listed below. Refer to RHSA-2004:308-06 for more information. See References.

Red Hat Enterprise Linux AS (v. 3), ES (v. 3), WS (v. 3), Desktop: 0.2.5-0.5.x86_64 or later

For SCO UnixWare 7.1.4:
Upgrade to the appropriate fixed binaries, as listed in SCO Security Advisory SCOSA-2005.10. See References.

For other distributions:
Contact your vendor for upgrade or patch information.

Consequences:

Bypass Security

References:

BugTraq Mailing List, Tue Jun 15 2004 - 10:17:25 CDT, Re: authentication bug in KAME's racoon at http://archives.neohapsis.com/archives/bugtraq/2004-06/0222.html.
CIAC Information Bulletin O-212, Apple Security Update at http://www.ciac.org/ciac/bulletins/o-212.shtml.
Full-Disclosure Mailing List, Mon Jun 14 2004 - 13:55:11 CDT , authentication bug in KAME's racoon at http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0391.html.
GLSA 200406-17, IPsec-Tools: authentication bug in racoon at http://www.linuxsecurity.com/content/view/106209/104/.
IPsec Tools Release Notes Web page, Project: Linux IPsec Tools: Release Notes at http://sourceforge.net/project/shownotes.php?release_id=245982.
Ipsec-Tools Web page, IPsec-Tools Homepage at http://ipsec-tools.sourceforge.net/.
SCO Security Advisory, SCOSA-2005.10 at ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt.
BID-10546: KAME Racoon IDE Daemon X.509 Improper Certificate Verification Vulnerability
CVE-2004-0607: The eay_check_x509cert function in KAME Racoon successfully verifies certificates even when OpenSSL validation fails, which could allow remote attackers to bypass authentication.
GLSA-200406-17: IPsec-Tools: authentication bug in racoon
OSVDB ID: 7113: KAME Racoon X.509 Invalid Certificate Validation
RHSA-2004-308: ipsec-tools security update
SA11863: KAME Racoon X.509 Certificate Validation Vulnerability
SA11877: IPsec-Tools Denial of Service and Certificate Validation Vulnerabilities
SECTRACK ID: 1010495: KAME Racoon May Validate Invalid Certificates

Reported:

Jun 14, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page