{"vuid":"VU#552398","idnumber":"552398","name":"KAME Racoon IKE daemon fails to properly verify client RSA signatures","keywords":["KAME","Racoon","IKE daemon","X.509","man-in-the-middle","mitm","eay_rsa_verify()","crypto_openssl.c"],"overview":"The KAME Racoon IKE daemon fails to properly verify client RSA signatures when using Main or Aggressive Mode during a Phase 1 IKE exchange.","clean_desc":"Racoon is an IKE Key Management daemon that negotiates and configures a set of parameters for IPSec. When authenticating a peer in Phase 1 of an IKE exchange, Racoon can use pre-shared keys, RSA signatures, or GSS-API. When using RSA signatures for authentication, Racoon validates the X.509 certificate, but fails to verify the client RSA signature.","impact":"An attacker with access to a trusted X.509 certificate can conduct a man-in-the-middle attack or establish an authenticated IPSec connection using any private key to generate the RSA signature.","resolution":"Apply Patch\nApply a patch as specified by your vendor. If a patch is unavailable, KAME has released a patch that is available in their CVS repository at: http://www.kame.net/dev/cvsweb2.cgi/kame/kame/kame/racoon/crypto_openssl.c.diff?r1=1.83&r2=1.84","workarounds":"","sysaffected":"","thanks":"This vulnerability was reported by Ralf Spenneberg.","author":"This document was written by Damon Morda.","public":["http://ipsec-tools.sourceforge.net/x509sig.html","http://www.kame.net/racoon/","http://www.kame.net/dev/cvsweb2.cgi/kame/kame/kame/racoon/crypto_openssl.c.diff?r1=1.83&r2=1.84","http://vuxml.freebsd.org/d8769838-8814-11d8-90d1-0020ed76ef5a.html","http://secunia.com/advisories/11328/","http://forums.gentoo.org/viewtopic.php?t=158550"],"cveids":["CVE-2004-0155"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2004-04-09T14:12:55Z","publicdate":"2004-04-07T00:00:00Z","datefirstpublished":"2004-04-09T20:40:12Z","dateupdated":"2004-04-09T20:43:41Z","revision":27,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"7","cam_population":"10","cam_impact":"10","cam_easeofexploitation":"13","cam_attackeraccessrequired":"16","cam_scorecurrent":"8.58","cam_scorecurrentwidelyknown":"10.53","cam_scorecurrentwidelyknownexploited":"18.33","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":8.58,"vulnote":null}