IKE: KAME racoon X509 Certificate Verification

This signature detects attempts to exploit a known vulnerability in the IKE daemon of KAME racoon. A successful attack can establish a trusted secure connection with the target using an invalid X.509 certificate.

Extended Description

Racoon improperly validates X.509 certificates when negotiating IPSec connections. When checking certificate validity, Racoon ignores many of the errors reported by OpenSSL and accepts the certificate anyway, so improper certificates can be used to authenticate connections. This vulnerability could allow attackers to forge certificates and potentially gain access to IPSec VPNs. It would also effectively make all certificates permanent. It is unknown which versions of Racoon are vulnerable at this time.

Affected Products

Apple mac_os_x_server

References

BugTraq: 10546

CVE: CVE-2004-0607

Short Name
IKE:KAME-RACOON-X509-CERT-VERIF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
IKE
Keywords
CVE-2004-0607 Certificate KAME Verification X509 bid:10546 racoon
Release Date
02/18/2014
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Unknown
Vendors

Red_hat

Sco

Apple

Kame

Sgi

Ipsec-tools

CVSS Score

10.0
