aru Posted April 10, 2004 Report Share Posted April 10, 2004 MandrakeSoft Security Advisory MDKSA-2004:027 : ipsec-tools April 8th, 2004 Updated ipsec-tools packages fix vulnerability in racoon A very serious security flaw was discovered by Ralf Spenneberg in racoon, the IKE daemon of the KAME-tools. Racoon does not very the RSA signature during phase one of a connection using either main or aggressive mode. Only the certificate of the client is verified, the certificate is not used to verify the client's signature. All versions of ipsec-tools prior to 0.2.5 and 0.3rc5 are vulnerable to this issue. The provided package updates ipsec-tools to 0.2.5. The released versions of Mandrake GNU/Linux affected are: 10.0Full information about this advisory, including the updated packages, is available at: www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:027 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2004-0155 Posted automatically by aru (mdksec2mub v0.0.8) Link to comment Share on other sites More sharing options...
Recommended Posts