Search

Find a vulnerability

Search criteria

    12 vulnerabilities found for racoon by kame

    CVE-2005-0398 (GCVE-0-2005-0398)

    Vulnerability from cvelistv5 – Published: 2005-03-26 05:00 – Updated: 2024-08-07 21:13
    VLAI
    Summary
    The KAME racoon daemon in ipsec-tools before 0.5 allows remote attackers to cause a denial of service (crash) via malformed ISAKMP packets.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://bugzilla.redhat.com/bugzilla/attachment.c… x_refsource_MISC
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRAKE
    http://security.gentoo.org/glsa/glsa-200503-33.xml vendor-advisoryx_refsource_GENTOO
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/12804 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2005/0264 vdb-entryx_refsource_VUPEN
    http://sourceforge.net/mailarchive/forum.php?thre… mailing-listx_refsource_MLIST
    http://secunia.com/advisories/14584 third-party-advisoryx_refsource_SECUNIA
    http://www.redhat.com/support/errata/RHSA-2005-232.html vendor-advisoryx_refsource_REDHAT
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://securitytracker.com/id?1013433 vdb-entryx_refsource_SECTRACK
    Date Public
    2005-03-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T21:13:54.134Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=109966\u0026action=view"
              },
              {
                "name": "MDKSA-2005:062",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:062"
              },
              {
                "name": "GLSA-200503-33",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200503-33.xml"
              },
              {
                "name": "racoon-isakmp-header-dos(19707)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19707"
              },
              {
                "name": "12804",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/12804"
              },
              {
                "name": "ADV-2005-0264",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2005/0264"
              },
              {
                "name": "[ipsec-tools-devel] 20050312 potential remote crash in racoon",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://sourceforge.net/mailarchive/forum.php?thread_id=6787713\u0026forum_id=32000"
              },
              {
                "name": "14584",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/14584"
              },
              {
                "name": "RHSA-2005:232",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2005-232.html"
              },
              {
                "name": "oval:org.mitre.oval:def:10028",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10028"
              },
              {
                "name": "1013433",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1013433"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-03-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The KAME racoon daemon in ipsec-tools before 0.5 allows remote attackers to cause a denial of service (crash) via malformed ISAKMP packets."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-10T00:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=109966\u0026action=view"
            },
            {
              "name": "MDKSA-2005:062",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRAKE"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:062"
            },
            {
              "name": "GLSA-200503-33",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200503-33.xml"
            },
            {
              "name": "racoon-isakmp-header-dos(19707)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19707"
            },
            {
              "name": "12804",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/12804"
            },
            {
              "name": "ADV-2005-0264",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2005/0264"
            },
            {
              "name": "[ipsec-tools-devel] 20050312 potential remote crash in racoon",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://sourceforge.net/mailarchive/forum.php?thread_id=6787713\u0026forum_id=32000"
            },
            {
              "name": "14584",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/14584"
            },
            {
              "name": "RHSA-2005:232",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2005-232.html"
            },
            {
              "name": "oval:org.mitre.oval:def:10028",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10028"
            },
            {
              "name": "1013433",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1013433"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2005-0398",
        "datePublished": "2005-03-26T05:00:00.000Z",
        "dateReserved": "2005-02-14T00:00:00.000Z",
        "dateUpdated": "2024-08-07T21:13:54.134Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-0607 (GCVE-0-2004-0607)

    Vulnerability from cvelistv5 – Published: 2004-06-30 04:00 – Updated: 2024-08-08 00:24
    VLAI
    Summary
    The eay_check_x509cert function in KAME Racoon successfully verifies certificates even when OpenSSL validation fails, which could allow remote attackers to bypass authentication.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://marc.info/?l=bugtraq&m=108731967126033&w=2 mailing-listx_refsource_BUGTRAQ
    http://sourceforge.net/project/shownotes.php?rele… x_refsource_CONFIRM
    http://www.osvdb.org/7113 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/11877 third-party-advisoryx_refsource_SECUNIA
    http://marc.info/?l=bugtraq&m=108726102304507&w=2 mailing-listx_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.redhat.com/support/errata/RHSA-2004-308.html vendor-advisoryx_refsource_REDHAT
    ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005… vendor-advisoryx_refsource_SCO
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://securitytracker.com/id?1010495 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/11863 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/10546 vdb-entryx_refsource_BID
    http://security.gentoo.org/glsa/glsa-200406-17.xml vendor-advisoryx_refsource_GENTOO
    Date Public
    2004-06-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:24:26.577Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20040615 Re: authentication bug in KAME\u0027s racoon",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=108731967126033\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://sourceforge.net/project/shownotes.php?release_id=245982"
              },
              {
                "name": "7113",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/7113"
              },
              {
                "name": "11877",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/11877"
              },
              {
                "name": "20040614 authentication bug in KAME\u0027s racoon",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=108726102304507\u0026w=2"
              },
              {
                "name": "racoon-eaycheckx509cert-auth-bypass(16414)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16414"
              },
              {
                "name": "RHSA-2004:308",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2004-308.html"
              },
              {
                "name": "SCOSA-2005.10",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SCO",
                  "x_transferred"
                ],
                "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt"
              },
              {
                "name": "oval:org.mitre.oval:def:9163",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9163"
              },
              {
                "name": "1010495",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1010495"
              },
              {
                "name": "11863",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/11863"
              },
              {
                "name": "10546",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/10546"
              },
              {
                "name": "GLSA-200406-17",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200406-17.xml"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-06-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The eay_check_x509cert function in KAME Racoon successfully verifies certificates even when OpenSSL validation fails, which could allow remote attackers to bypass authentication."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-10T00:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20040615 Re: authentication bug in KAME\u0027s racoon",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=108731967126033\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://sourceforge.net/project/shownotes.php?release_id=245982"
            },
            {
              "name": "7113",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/7113"
            },
            {
              "name": "11877",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/11877"
            },
            {
              "name": "20040614 authentication bug in KAME\u0027s racoon",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=108726102304507\u0026w=2"
            },
            {
              "name": "racoon-eaycheckx509cert-auth-bypass(16414)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16414"
            },
            {
              "name": "RHSA-2004:308",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2004-308.html"
            },
            {
              "name": "SCOSA-2005.10",
              "tags": [
                "vendor-advisory",
                "x_refsource_SCO"
              ],
              "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt"
            },
            {
              "name": "oval:org.mitre.oval:def:9163",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9163"
            },
            {
              "name": "1010495",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1010495"
            },
            {
              "name": "11863",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/11863"
            },
            {
              "name": "10546",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/10546"
            },
            {
              "name": "GLSA-200406-17",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200406-17.xml"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-0607",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The eay_check_x509cert function in KAME Racoon successfully verifies certificates even when OpenSSL validation fails, which could allow remote attackers to bypass authentication."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20040615 Re: authentication bug in KAME\u0027s racoon",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=108731967126033\u0026w=2"
                },
                {
                  "name": "http://sourceforge.net/project/shownotes.php?release_id=245982",
                  "refsource": "CONFIRM",
                  "url": "http://sourceforge.net/project/shownotes.php?release_id=245982"
                },
                {
                  "name": "7113",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/7113"
                },
                {
                  "name": "11877",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/11877"
                },
                {
                  "name": "20040614 authentication bug in KAME\u0027s racoon",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=108726102304507\u0026w=2"
                },
                {
                  "name": "racoon-eaycheckx509cert-auth-bypass(16414)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16414"
                },
                {
                  "name": "RHSA-2004:308",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2004-308.html"
                },
                {
                  "name": "SCOSA-2005.10",
                  "refsource": "SCO",
                  "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt"
                },
                {
                  "name": "oval:org.mitre.oval:def:9163",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9163"
                },
                {
                  "name": "1010495",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1010495"
                },
                {
                  "name": "11863",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/11863"
                },
                {
                  "name": "10546",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/10546"
                },
                {
                  "name": "GLSA-200406-17",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200406-17.xml"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-0607",
        "datePublished": "2004-06-30T04:00:00.000Z",
        "dateReserved": "2004-06-29T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:24:26.577Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-0392 (GCVE-0-2004-0392)

    Vulnerability from cvelistv5 – Published: 2004-05-06 04:00 – Updated: 2024-08-08 00:17
    VLAI
    Summary
    racoon before 20040407b allows remote attackers to cause a denial of service (infinite loop and dropped connections) via an IKE message with a malformed Generic Payload Header containing invalid (1) "Security Association Next Payload" and (2) "RESERVED" fields.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2004-04-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:17:14.413Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.vuxml.org/freebsd/40fcf20f-8891-11d8-90d1-0020ed76ef5a.html"
              },
              {
                "name": "racoon-isakmp-dos(15893)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15893"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://orange.kame.net/dev/query-pr.cgi?pr=555"
              },
              {
                "name": "SCOSA-2005.10",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SCO",
                  "x_transferred"
                ],
                "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-04-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "racoon before 20040407b allows remote attackers to cause a denial of service (infinite loop and dropped connections) via an IKE message with a malformed Generic Payload Header containing invalid (1) \"Security Association Next Payload\" and (2) \"RESERVED\" fields."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.vuxml.org/freebsd/40fcf20f-8891-11d8-90d1-0020ed76ef5a.html"
            },
            {
              "name": "racoon-isakmp-dos(15893)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15893"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://orange.kame.net/dev/query-pr.cgi?pr=555"
            },
            {
              "name": "SCOSA-2005.10",
              "tags": [
                "vendor-advisory",
                "x_refsource_SCO"
              ],
              "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-0392",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "racoon before 20040407b allows remote attackers to cause a denial of service (infinite loop and dropped connections) via an IKE message with a malformed Generic Payload Header containing invalid (1) \"Security Association Next Payload\" and (2) \"RESERVED\" fields."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.vuxml.org/freebsd/40fcf20f-8891-11d8-90d1-0020ed76ef5a.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.vuxml.org/freebsd/40fcf20f-8891-11d8-90d1-0020ed76ef5a.html"
                },
                {
                  "name": "racoon-isakmp-dos(15893)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15893"
                },
                {
                  "name": "http://orange.kame.net/dev/query-pr.cgi?pr=555",
                  "refsource": "CONFIRM",
                  "url": "http://orange.kame.net/dev/query-pr.cgi?pr=555"
                },
                {
                  "name": "SCOSA-2005.10",
                  "refsource": "SCO",
                  "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-0392",
        "datePublished": "2004-05-06T04:00:00.000Z",
        "dateReserved": "2004-04-13T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:17:14.413Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-0155 (GCVE-0-2004-0155)

    Vulnerability from cvelistv5 – Published: 2004-04-16 04:00 – Updated: 2024-08-08 00:10
    VLAI
    Summary
    The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, validates the X.509 certificate but does not verify the RSA signature authentication, which allows remote attackers to establish unauthorized IP connections or conduct man-in-the-middle attacks using a valid, trusted X.509 certificate.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRAKE
    http://www.mandrakesecure.net/en/advisories/advis… vendor-advisoryx_refsource_MANDRAKE
    http://marc.info/?l=bugtraq&m=108369640424244&w=2 vendor-advisoryx_refsource_APPLE
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005… vendor-advisoryx_refsource_SCO
    http://www.gentoo.org/security/en/glsa/glsa-20040… vendor-advisoryx_refsource_GENTOO
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://secunia.com/advisories/11328 third-party-advisoryx_refsource_SECUNIA
    http://www.kb.cert.org/vuls/id/552398 third-party-advisoryx_refsource_CERT-VN
    http://www.redhat.com/support/errata/RHSA-2004-165.html vendor-advisoryx_refsource_REDHAT
    http://www.securityfocus.com/bid/10072 vdb-entryx_refsource_BID
    http://marc.info/?l=bugtraq&m=108136746911000&w=2 mailing-listx_refsource_BUGTRAQ
    Date Public
    2004-04-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:10:03.501Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "MDKSA-2004:027",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:027"
              },
              {
                "name": "MDKSA-2004:069",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
                  "x_transferred"
                ],
                "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:069"
              },
              {
                "name": "APPLE-SA-2004-05-03",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=108369640424244\u0026w=2"
              },
              {
                "name": "oval:org.mitre.oval:def:9291",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9291"
              },
              {
                "name": "SCOSA-2005.10",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SCO",
                  "x_transferred"
                ],
                "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt"
              },
              {
                "name": "GLSA-200406-17",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-17.xml"
              },
              {
                "name": "oval:org.mitre.oval:def:945",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A945"
              },
              {
                "name": "11328",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/11328"
              },
              {
                "name": "VU#552398",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/552398"
              },
              {
                "name": "RHSA-2004:165",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2004-165.html"
              },
              {
                "name": "10072",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/10072"
              },
              {
                "name": "20040407 CAN-2004-0155:  The KAME IKE Daemon Racoon does not verify RSA Signatures during Phase 1, allows man-in-the-middle attacks and unauthorized connections",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=108136746911000\u0026w=2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-04-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, validates the X.509 certificate but does not verify the RSA signature authentication, which allows remote attackers to establish unauthorized IP connections or conduct man-in-the-middle attacks using a valid, trusted X.509 certificate."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-10T00:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "MDKSA-2004:027",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRAKE"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:027"
            },
            {
              "name": "MDKSA-2004:069",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRAKE"
              ],
              "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:069"
            },
            {
              "name": "APPLE-SA-2004-05-03",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=108369640424244\u0026w=2"
            },
            {
              "name": "oval:org.mitre.oval:def:9291",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9291"
            },
            {
              "name": "SCOSA-2005.10",
              "tags": [
                "vendor-advisory",
                "x_refsource_SCO"
              ],
              "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt"
            },
            {
              "name": "GLSA-200406-17",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-17.xml"
            },
            {
              "name": "oval:org.mitre.oval:def:945",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A945"
            },
            {
              "name": "11328",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/11328"
            },
            {
              "name": "VU#552398",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/552398"
            },
            {
              "name": "RHSA-2004:165",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2004-165.html"
            },
            {
              "name": "10072",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/10072"
            },
            {
              "name": "20040407 CAN-2004-0155:  The KAME IKE Daemon Racoon does not verify RSA Signatures during Phase 1, allows man-in-the-middle attacks and unauthorized connections",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=108136746911000\u0026w=2"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-0155",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, validates the X.509 certificate but does not verify the RSA signature authentication, which allows remote attackers to establish unauthorized IP connections or conduct man-in-the-middle attacks using a valid, trusted X.509 certificate."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "MDKSA-2004:027",
                  "refsource": "MANDRAKE",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:027"
                },
                {
                  "name": "MDKSA-2004:069",
                  "refsource": "MANDRAKE",
                  "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:069"
                },
                {
                  "name": "APPLE-SA-2004-05-03",
                  "refsource": "APPLE",
                  "url": "http://marc.info/?l=bugtraq\u0026m=108369640424244\u0026w=2"
                },
                {
                  "name": "oval:org.mitre.oval:def:9291",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9291"
                },
                {
                  "name": "SCOSA-2005.10",
                  "refsource": "SCO",
                  "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt"
                },
                {
                  "name": "GLSA-200406-17",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-17.xml"
                },
                {
                  "name": "oval:org.mitre.oval:def:945",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A945"
                },
                {
                  "name": "11328",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/11328"
                },
                {
                  "name": "VU#552398",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/552398"
                },
                {
                  "name": "RHSA-2004:165",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2004-165.html"
                },
                {
                  "name": "10072",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/10072"
                },
                {
                  "name": "20040407 CAN-2004-0155:  The KAME IKE Daemon Racoon does not verify RSA Signatures during Phase 1, allows man-in-the-middle attacks and unauthorized connections",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=108136746911000\u0026w=2"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-0155",
        "datePublished": "2004-04-16T04:00:00.000Z",
        "dateReserved": "2004-02-13T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:10:03.501Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-0403 (GCVE-0-2004-0403)

    Vulnerability from cvelistv5 – Published: 2004-04-16 04:00 – Updated: 2024-08-08 00:17
    VLAI
    Summary
    Racoon before 20040408a allows remote attackers to cause a denial of service (memory consumption) via an ISAKMP packet with a large length field.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.mandrakesecure.net/en/advisories/advis… vendor-advisoryx_refsource_MANDRAKE
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://securitytracker.com/id?1009937 vdb-entryx_refsource_SECTRACK
    http://www.vuxml.org/freebsd/ccd698df-8e20-11d8-9… x_refsource_CONFIRM
    ftp://patches.sgi.com/support/free/security/advis… vendor-advisoryx_refsource_SGI
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://marc.info/?l=bugtraq&m=108369640424244&w=2 vendor-advisoryx_refsource_APPLE
    http://secunia.com/advisories/11877 third-party-advisoryx_refsource_SECUNIA
    ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005… vendor-advisoryx_refsource_SCO
    http://www.securityfocus.com/bid/10172 vdb-entryx_refsource_BID
    http://secunia.com/advisories/11410 third-party-advisoryx_refsource_SECUNIA
    http://security.gentoo.org/glsa/glsa-200404-17.xml vendor-advisoryx_refsource_GENTOO
    http://sourceforge.net/project/shownotes.php?rele… x_refsource_CONFIRM
    http://www.osvdb.org/5491 vdb-entryx_refsource_OSVDB
    http://www.redhat.com/support/errata/RHSA-2004-165.html vendor-advisoryx_refsource_REDHAT
    http://www.kame.net/dev/cvsweb2.cgi/kame/kame/kam… x_refsource_CONFIRM
    Date Public
    2004-04-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:17:14.610Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "MDKSA-2004:069",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
                  "x_transferred"
                ],
                "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:069"
              },
              {
                "name": "oval:org.mitre.oval:def:984",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A984"
              },
              {
                "name": "1009937",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1009937"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.vuxml.org/freebsd/ccd698df-8e20-11d8-90d1-0020ed76ef5a.html"
              },
              {
                "name": "20040506-01-U",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SGI",
                  "x_transferred"
                ],
                "url": "ftp://patches.sgi.com/support/free/security/advisories/20040506-01-U.asc"
              },
              {
                "name": "racoon-isakmp-dos(15893)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15893"
              },
              {
                "name": "oval:org.mitre.oval:def:11220",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11220"
              },
              {
                "name": "APPLE-SA-2004-05-03",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=108369640424244\u0026w=2"
              },
              {
                "name": "11877",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/11877"
              },
              {
                "name": "SCOSA-2005.10",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SCO",
                  "x_transferred"
                ],
                "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt"
              },
              {
                "name": "10172",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/10172"
              },
              {
                "name": "11410",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/11410"
              },
              {
                "name": "GLSA-200404-17",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200404-17.xml"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://sourceforge.net/project/shownotes.php?release_id=232288"
              },
              {
                "name": "5491",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/5491"
              },
              {
                "name": "RHSA-2004:165",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2004-165.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kame.net/dev/cvsweb2.cgi/kame/kame/kame/racoon/isakmp.c.diff?r1=1.180\u0026r2=1.181"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-04-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Racoon before 20040408a allows remote attackers to cause a denial of service (memory consumption) via an ISAKMP packet with a large length field."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-10T00:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "MDKSA-2004:069",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRAKE"
              ],
              "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:069"
            },
            {
              "name": "oval:org.mitre.oval:def:984",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A984"
            },
            {
              "name": "1009937",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1009937"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.vuxml.org/freebsd/ccd698df-8e20-11d8-90d1-0020ed76ef5a.html"
            },
            {
              "name": "20040506-01-U",
              "tags": [
                "vendor-advisory",
                "x_refsource_SGI"
              ],
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20040506-01-U.asc"
            },
            {
              "name": "racoon-isakmp-dos(15893)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15893"
            },
            {
              "name": "oval:org.mitre.oval:def:11220",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11220"
            },
            {
              "name": "APPLE-SA-2004-05-03",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=108369640424244\u0026w=2"
            },
            {
              "name": "11877",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/11877"
            },
            {
              "name": "SCOSA-2005.10",
              "tags": [
                "vendor-advisory",
                "x_refsource_SCO"
              ],
              "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt"
            },
            {
              "name": "10172",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/10172"
            },
            {
              "name": "11410",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/11410"
            },
            {
              "name": "GLSA-200404-17",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200404-17.xml"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://sourceforge.net/project/shownotes.php?release_id=232288"
            },
            {
              "name": "5491",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/5491"
            },
            {
              "name": "RHSA-2004:165",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2004-165.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kame.net/dev/cvsweb2.cgi/kame/kame/kame/racoon/isakmp.c.diff?r1=1.180\u0026r2=1.181"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-0403",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Racoon before 20040408a allows remote attackers to cause a denial of service (memory consumption) via an ISAKMP packet with a large length field."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "MDKSA-2004:069",
                  "refsource": "MANDRAKE",
                  "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:069"
                },
                {
                  "name": "oval:org.mitre.oval:def:984",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A984"
                },
                {
                  "name": "1009937",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1009937"
                },
                {
                  "name": "http://www.vuxml.org/freebsd/ccd698df-8e20-11d8-90d1-0020ed76ef5a.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.vuxml.org/freebsd/ccd698df-8e20-11d8-90d1-0020ed76ef5a.html"
                },
                {
                  "name": "20040506-01-U",
                  "refsource": "SGI",
                  "url": "ftp://patches.sgi.com/support/free/security/advisories/20040506-01-U.asc"
                },
                {
                  "name": "racoon-isakmp-dos(15893)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15893"
                },
                {
                  "name": "oval:org.mitre.oval:def:11220",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11220"
                },
                {
                  "name": "APPLE-SA-2004-05-03",
                  "refsource": "APPLE",
                  "url": "http://marc.info/?l=bugtraq\u0026m=108369640424244\u0026w=2"
                },
                {
                  "name": "11877",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/11877"
                },
                {
                  "name": "SCOSA-2005.10",
                  "refsource": "SCO",
                  "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt"
                },
                {
                  "name": "10172",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/10172"
                },
                {
                  "name": "11410",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/11410"
                },
                {
                  "name": "GLSA-200404-17",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200404-17.xml"
                },
                {
                  "name": "http://sourceforge.net/project/shownotes.php?release_id=232288",
                  "refsource": "CONFIRM",
                  "url": "http://sourceforge.net/project/shownotes.php?release_id=232288"
                },
                {
                  "name": "5491",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/5491"
                },
                {
                  "name": "RHSA-2004:165",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2004-165.html"
                },
                {
                  "name": "http://www.kame.net/dev/cvsweb2.cgi/kame/kame/kame/racoon/isakmp.c.diff?r1=1.180\u0026r2=1.181",
                  "refsource": "CONFIRM",
                  "url": "http://www.kame.net/dev/cvsweb2.cgi/kame/kame/kame/racoon/isakmp.c.diff?r1=1.180\u0026r2=1.181"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-0403",
        "datePublished": "2004-04-16T04:00:00.000Z",
        "dateReserved": "2004-04-13T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:17:14.610Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-0164 (GCVE-0-2004-0164)

    Vulnerability from cvelistv5 – Published: 2004-02-19 05:00 – Updated: 2024-08-08 00:10
    VLAI
    Summary
    KAME IKE daemon (racoon) does not properly handle hash values, which allows remote attackers to delete certificates via (1) a certain delete message that is not properly handled in isakmp.c or isakmp_inf.c, or (2) a certain INITIAL-CONTACT message that is not properly handled in isakmp_inf.c.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2004-01-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:10:03.249Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "oval:org.mitre.oval:def:9737",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9737"
              },
              {
                "name": "oval:org.mitre.oval:def:947",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A947"
              },
              {
                "name": "9417",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/9417"
              },
              {
                "name": "9416",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/9416"
              },
              {
                "name": "openbsd-isakmp-invalidspi-delete-sa(14117)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14117"
              },
              {
                "name": "20040114 Re: unauthorized deletion of IPsec (and ISAKMP) SAs in racoon",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=107411758202662\u0026w=2"
              },
              {
                "name": "NetBSD-SA2004-001",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_NETBSD",
                  "x_transferred"
                ],
                "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-001.txt.asc"
              },
              {
                "name": "20040113 unauthorized deletion of IPsec (and ISAKMP) SAs in racoon",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=107403331309838\u0026w=2"
              },
              {
                "name": "openbsd-isakmp-initialcontact-delete-sa(14118)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14118"
              },
              {
                "name": "APPLE-SA-2004-02-23",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2004/Feb/msg00000.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-01-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "KAME IKE daemon (racoon) does not properly handle hash values, which allows remote attackers to delete certificates via (1) a certain delete message that is not properly handled in isakmp.c or isakmp_inf.c, or (2) a certain INITIAL-CONTACT message that is not properly handled in isakmp_inf.c."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-10T00:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "oval:org.mitre.oval:def:9737",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9737"
            },
            {
              "name": "oval:org.mitre.oval:def:947",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A947"
            },
            {
              "name": "9417",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/9417"
            },
            {
              "name": "9416",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/9416"
            },
            {
              "name": "openbsd-isakmp-invalidspi-delete-sa(14117)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14117"
            },
            {
              "name": "20040114 Re: unauthorized deletion of IPsec (and ISAKMP) SAs in racoon",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=107411758202662\u0026w=2"
            },
            {
              "name": "NetBSD-SA2004-001",
              "tags": [
                "vendor-advisory",
                "x_refsource_NETBSD"
              ],
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-001.txt.asc"
            },
            {
              "name": "20040113 unauthorized deletion of IPsec (and ISAKMP) SAs in racoon",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=107403331309838\u0026w=2"
            },
            {
              "name": "openbsd-isakmp-initialcontact-delete-sa(14118)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14118"
            },
            {
              "name": "APPLE-SA-2004-02-23",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2004/Feb/msg00000.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-0164",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "KAME IKE daemon (racoon) does not properly handle hash values, which allows remote attackers to delete certificates via (1) a certain delete message that is not properly handled in isakmp.c or isakmp_inf.c, or (2) a certain INITIAL-CONTACT message that is not properly handled in isakmp_inf.c."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "oval:org.mitre.oval:def:9737",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9737"
                },
                {
                  "name": "oval:org.mitre.oval:def:947",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A947"
                },
                {
                  "name": "9417",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/9417"
                },
                {
                  "name": "9416",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/9416"
                },
                {
                  "name": "openbsd-isakmp-invalidspi-delete-sa(14117)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14117"
                },
                {
                  "name": "20040114 Re: unauthorized deletion of IPsec (and ISAKMP) SAs in racoon",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=107411758202662\u0026w=2"
                },
                {
                  "name": "NetBSD-SA2004-001",
                  "refsource": "NETBSD",
                  "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-001.txt.asc"
                },
                {
                  "name": "20040113 unauthorized deletion of IPsec (and ISAKMP) SAs in racoon",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=107403331309838\u0026w=2"
                },
                {
                  "name": "openbsd-isakmp-initialcontact-delete-sa(14118)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14118"
                },
                {
                  "name": "APPLE-SA-2004-02-23",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2004/Feb/msg00000.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-0164",
        "datePublished": "2004-02-19T05:00:00.000Z",
        "dateReserved": "2004-02-18T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:10:03.249Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-0398 (GCVE-0-2005-0398)

    Vulnerability from nvd – Published: 2005-03-26 05:00 – Updated: 2024-08-07 21:13
    VLAI
    Summary
    The KAME racoon daemon in ipsec-tools before 0.5 allows remote attackers to cause a denial of service (crash) via malformed ISAKMP packets.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://bugzilla.redhat.com/bugzilla/attachment.c… x_refsource_MISC
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRAKE
    http://security.gentoo.org/glsa/glsa-200503-33.xml vendor-advisoryx_refsource_GENTOO
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/12804 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2005/0264 vdb-entryx_refsource_VUPEN
    http://sourceforge.net/mailarchive/forum.php?thre… mailing-listx_refsource_MLIST
    http://secunia.com/advisories/14584 third-party-advisoryx_refsource_SECUNIA
    http://www.redhat.com/support/errata/RHSA-2005-232.html vendor-advisoryx_refsource_REDHAT
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://securitytracker.com/id?1013433 vdb-entryx_refsource_SECTRACK
    Date Public
    2005-03-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T21:13:54.134Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=109966\u0026action=view"
              },
              {
                "name": "MDKSA-2005:062",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:062"
              },
              {
                "name": "GLSA-200503-33",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200503-33.xml"
              },
              {
                "name": "racoon-isakmp-header-dos(19707)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19707"
              },
              {
                "name": "12804",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/12804"
              },
              {
                "name": "ADV-2005-0264",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2005/0264"
              },
              {
                "name": "[ipsec-tools-devel] 20050312 potential remote crash in racoon",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://sourceforge.net/mailarchive/forum.php?thread_id=6787713\u0026forum_id=32000"
              },
              {
                "name": "14584",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/14584"
              },
              {
                "name": "RHSA-2005:232",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2005-232.html"
              },
              {
                "name": "oval:org.mitre.oval:def:10028",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10028"
              },
              {
                "name": "1013433",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1013433"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-03-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The KAME racoon daemon in ipsec-tools before 0.5 allows remote attackers to cause a denial of service (crash) via malformed ISAKMP packets."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-10T00:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=109966\u0026action=view"
            },
            {
              "name": "MDKSA-2005:062",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRAKE"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:062"
            },
            {
              "name": "GLSA-200503-33",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200503-33.xml"
            },
            {
              "name": "racoon-isakmp-header-dos(19707)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19707"
            },
            {
              "name": "12804",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/12804"
            },
            {
              "name": "ADV-2005-0264",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2005/0264"
            },
            {
              "name": "[ipsec-tools-devel] 20050312 potential remote crash in racoon",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://sourceforge.net/mailarchive/forum.php?thread_id=6787713\u0026forum_id=32000"
            },
            {
              "name": "14584",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/14584"
            },
            {
              "name": "RHSA-2005:232",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2005-232.html"
            },
            {
              "name": "oval:org.mitre.oval:def:10028",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10028"
            },
            {
              "name": "1013433",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1013433"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2005-0398",
        "datePublished": "2005-03-26T05:00:00.000Z",
        "dateReserved": "2005-02-14T00:00:00.000Z",
        "dateUpdated": "2024-08-07T21:13:54.134Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-0607 (GCVE-0-2004-0607)

    Vulnerability from nvd – Published: 2004-06-30 04:00 – Updated: 2024-08-08 00:24
    VLAI
    Summary
    The eay_check_x509cert function in KAME Racoon successfully verifies certificates even when OpenSSL validation fails, which could allow remote attackers to bypass authentication.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://marc.info/?l=bugtraq&m=108731967126033&w=2 mailing-listx_refsource_BUGTRAQ
    http://sourceforge.net/project/shownotes.php?rele… x_refsource_CONFIRM
    http://www.osvdb.org/7113 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/11877 third-party-advisoryx_refsource_SECUNIA
    http://marc.info/?l=bugtraq&m=108726102304507&w=2 mailing-listx_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.redhat.com/support/errata/RHSA-2004-308.html vendor-advisoryx_refsource_REDHAT
    ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005… vendor-advisoryx_refsource_SCO
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://securitytracker.com/id?1010495 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/11863 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/10546 vdb-entryx_refsource_BID
    http://security.gentoo.org/glsa/glsa-200406-17.xml vendor-advisoryx_refsource_GENTOO
    Date Public
    2004-06-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:24:26.577Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20040615 Re: authentication bug in KAME\u0027s racoon",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=108731967126033\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://sourceforge.net/project/shownotes.php?release_id=245982"
              },
              {
                "name": "7113",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/7113"
              },
              {
                "name": "11877",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/11877"
              },
              {
                "name": "20040614 authentication bug in KAME\u0027s racoon",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=108726102304507\u0026w=2"
              },
              {
                "name": "racoon-eaycheckx509cert-auth-bypass(16414)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16414"
              },
              {
                "name": "RHSA-2004:308",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2004-308.html"
              },
              {
                "name": "SCOSA-2005.10",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SCO",
                  "x_transferred"
                ],
                "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt"
              },
              {
                "name": "oval:org.mitre.oval:def:9163",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9163"
              },
              {
                "name": "1010495",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1010495"
              },
              {
                "name": "11863",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/11863"
              },
              {
                "name": "10546",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/10546"
              },
              {
                "name": "GLSA-200406-17",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200406-17.xml"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-06-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The eay_check_x509cert function in KAME Racoon successfully verifies certificates even when OpenSSL validation fails, which could allow remote attackers to bypass authentication."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-10T00:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20040615 Re: authentication bug in KAME\u0027s racoon",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=108731967126033\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://sourceforge.net/project/shownotes.php?release_id=245982"
            },
            {
              "name": "7113",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/7113"
            },
            {
              "name": "11877",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/11877"
            },
            {
              "name": "20040614 authentication bug in KAME\u0027s racoon",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=108726102304507\u0026w=2"
            },
            {
              "name": "racoon-eaycheckx509cert-auth-bypass(16414)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16414"
            },
            {
              "name": "RHSA-2004:308",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2004-308.html"
            },
            {
              "name": "SCOSA-2005.10",
              "tags": [
                "vendor-advisory",
                "x_refsource_SCO"
              ],
              "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt"
            },
            {
              "name": "oval:org.mitre.oval:def:9163",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9163"
            },
            {
              "name": "1010495",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1010495"
            },
            {
              "name": "11863",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/11863"
            },
            {
              "name": "10546",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/10546"
            },
            {
              "name": "GLSA-200406-17",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200406-17.xml"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-0607",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The eay_check_x509cert function in KAME Racoon successfully verifies certificates even when OpenSSL validation fails, which could allow remote attackers to bypass authentication."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20040615 Re: authentication bug in KAME\u0027s racoon",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=108731967126033\u0026w=2"
                },
                {
                  "name": "http://sourceforge.net/project/shownotes.php?release_id=245982",
                  "refsource": "CONFIRM",
                  "url": "http://sourceforge.net/project/shownotes.php?release_id=245982"
                },
                {
                  "name": "7113",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/7113"
                },
                {
                  "name": "11877",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/11877"
                },
                {
                  "name": "20040614 authentication bug in KAME\u0027s racoon",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=108726102304507\u0026w=2"
                },
                {
                  "name": "racoon-eaycheckx509cert-auth-bypass(16414)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16414"
                },
                {
                  "name": "RHSA-2004:308",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2004-308.html"
                },
                {
                  "name": "SCOSA-2005.10",
                  "refsource": "SCO",
                  "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt"
                },
                {
                  "name": "oval:org.mitre.oval:def:9163",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9163"
                },
                {
                  "name": "1010495",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1010495"
                },
                {
                  "name": "11863",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/11863"
                },
                {
                  "name": "10546",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/10546"
                },
                {
                  "name": "GLSA-200406-17",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200406-17.xml"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-0607",
        "datePublished": "2004-06-30T04:00:00.000Z",
        "dateReserved": "2004-06-29T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:24:26.577Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-0392 (GCVE-0-2004-0392)

    Vulnerability from nvd – Published: 2004-05-06 04:00 – Updated: 2024-08-08 00:17
    VLAI
    Summary
    racoon before 20040407b allows remote attackers to cause a denial of service (infinite loop and dropped connections) via an IKE message with a malformed Generic Payload Header containing invalid (1) "Security Association Next Payload" and (2) "RESERVED" fields.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2004-04-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:17:14.413Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.vuxml.org/freebsd/40fcf20f-8891-11d8-90d1-0020ed76ef5a.html"
              },
              {
                "name": "racoon-isakmp-dos(15893)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15893"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://orange.kame.net/dev/query-pr.cgi?pr=555"
              },
              {
                "name": "SCOSA-2005.10",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SCO",
                  "x_transferred"
                ],
                "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-04-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "racoon before 20040407b allows remote attackers to cause a denial of service (infinite loop and dropped connections) via an IKE message with a malformed Generic Payload Header containing invalid (1) \"Security Association Next Payload\" and (2) \"RESERVED\" fields."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.vuxml.org/freebsd/40fcf20f-8891-11d8-90d1-0020ed76ef5a.html"
            },
            {
              "name": "racoon-isakmp-dos(15893)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15893"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://orange.kame.net/dev/query-pr.cgi?pr=555"
            },
            {
              "name": "SCOSA-2005.10",
              "tags": [
                "vendor-advisory",
                "x_refsource_SCO"
              ],
              "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-0392",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "racoon before 20040407b allows remote attackers to cause a denial of service (infinite loop and dropped connections) via an IKE message with a malformed Generic Payload Header containing invalid (1) \"Security Association Next Payload\" and (2) \"RESERVED\" fields."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.vuxml.org/freebsd/40fcf20f-8891-11d8-90d1-0020ed76ef5a.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.vuxml.org/freebsd/40fcf20f-8891-11d8-90d1-0020ed76ef5a.html"
                },
                {
                  "name": "racoon-isakmp-dos(15893)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15893"
                },
                {
                  "name": "http://orange.kame.net/dev/query-pr.cgi?pr=555",
                  "refsource": "CONFIRM",
                  "url": "http://orange.kame.net/dev/query-pr.cgi?pr=555"
                },
                {
                  "name": "SCOSA-2005.10",
                  "refsource": "SCO",
                  "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-0392",
        "datePublished": "2004-05-06T04:00:00.000Z",
        "dateReserved": "2004-04-13T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:17:14.413Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-0155 (GCVE-0-2004-0155)

    Vulnerability from nvd – Published: 2004-04-16 04:00 – Updated: 2024-08-08 00:10
    VLAI
    Summary
    The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, validates the X.509 certificate but does not verify the RSA signature authentication, which allows remote attackers to establish unauthorized IP connections or conduct man-in-the-middle attacks using a valid, trusted X.509 certificate.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRAKE
    http://www.mandrakesecure.net/en/advisories/advis… vendor-advisoryx_refsource_MANDRAKE
    http://marc.info/?l=bugtraq&m=108369640424244&w=2 vendor-advisoryx_refsource_APPLE
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005… vendor-advisoryx_refsource_SCO
    http://www.gentoo.org/security/en/glsa/glsa-20040… vendor-advisoryx_refsource_GENTOO
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://secunia.com/advisories/11328 third-party-advisoryx_refsource_SECUNIA
    http://www.kb.cert.org/vuls/id/552398 third-party-advisoryx_refsource_CERT-VN
    http://www.redhat.com/support/errata/RHSA-2004-165.html vendor-advisoryx_refsource_REDHAT
    http://www.securityfocus.com/bid/10072 vdb-entryx_refsource_BID
    http://marc.info/?l=bugtraq&m=108136746911000&w=2 mailing-listx_refsource_BUGTRAQ
    Date Public
    2004-04-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:10:03.501Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "MDKSA-2004:027",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:027"
              },
              {
                "name": "MDKSA-2004:069",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
                  "x_transferred"
                ],
                "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:069"
              },
              {
                "name": "APPLE-SA-2004-05-03",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=108369640424244\u0026w=2"
              },
              {
                "name": "oval:org.mitre.oval:def:9291",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9291"
              },
              {
                "name": "SCOSA-2005.10",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SCO",
                  "x_transferred"
                ],
                "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt"
              },
              {
                "name": "GLSA-200406-17",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-17.xml"
              },
              {
                "name": "oval:org.mitre.oval:def:945",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A945"
              },
              {
                "name": "11328",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/11328"
              },
              {
                "name": "VU#552398",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/552398"
              },
              {
                "name": "RHSA-2004:165",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2004-165.html"
              },
              {
                "name": "10072",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/10072"
              },
              {
                "name": "20040407 CAN-2004-0155:  The KAME IKE Daemon Racoon does not verify RSA Signatures during Phase 1, allows man-in-the-middle attacks and unauthorized connections",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=108136746911000\u0026w=2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-04-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, validates the X.509 certificate but does not verify the RSA signature authentication, which allows remote attackers to establish unauthorized IP connections or conduct man-in-the-middle attacks using a valid, trusted X.509 certificate."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-10T00:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "MDKSA-2004:027",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRAKE"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:027"
            },
            {
              "name": "MDKSA-2004:069",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRAKE"
              ],
              "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:069"
            },
            {
              "name": "APPLE-SA-2004-05-03",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=108369640424244\u0026w=2"
            },
            {
              "name": "oval:org.mitre.oval:def:9291",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9291"
            },
            {
              "name": "SCOSA-2005.10",
              "tags": [
                "vendor-advisory",
                "x_refsource_SCO"
              ],
              "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt"
            },
            {
              "name": "GLSA-200406-17",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-17.xml"
            },
            {
              "name": "oval:org.mitre.oval:def:945",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A945"
            },
            {
              "name": "11328",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/11328"
            },
            {
              "name": "VU#552398",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/552398"
            },
            {
              "name": "RHSA-2004:165",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2004-165.html"
            },
            {
              "name": "10072",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/10072"
            },
            {
              "name": "20040407 CAN-2004-0155:  The KAME IKE Daemon Racoon does not verify RSA Signatures during Phase 1, allows man-in-the-middle attacks and unauthorized connections",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=108136746911000\u0026w=2"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-0155",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, validates the X.509 certificate but does not verify the RSA signature authentication, which allows remote attackers to establish unauthorized IP connections or conduct man-in-the-middle attacks using a valid, trusted X.509 certificate."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "MDKSA-2004:027",
                  "refsource": "MANDRAKE",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:027"
                },
                {
                  "name": "MDKSA-2004:069",
                  "refsource": "MANDRAKE",
                  "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:069"
                },
                {
                  "name": "APPLE-SA-2004-05-03",
                  "refsource": "APPLE",
                  "url": "http://marc.info/?l=bugtraq\u0026m=108369640424244\u0026w=2"
                },
                {
                  "name": "oval:org.mitre.oval:def:9291",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9291"
                },
                {
                  "name": "SCOSA-2005.10",
                  "refsource": "SCO",
                  "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt"
                },
                {
                  "name": "GLSA-200406-17",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-17.xml"
                },
                {
                  "name": "oval:org.mitre.oval:def:945",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A945"
                },
                {
                  "name": "11328",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/11328"
                },
                {
                  "name": "VU#552398",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/552398"
                },
                {
                  "name": "RHSA-2004:165",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2004-165.html"
                },
                {
                  "name": "10072",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/10072"
                },
                {
                  "name": "20040407 CAN-2004-0155:  The KAME IKE Daemon Racoon does not verify RSA Signatures during Phase 1, allows man-in-the-middle attacks and unauthorized connections",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=108136746911000\u0026w=2"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-0155",
        "datePublished": "2004-04-16T04:00:00.000Z",
        "dateReserved": "2004-02-13T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:10:03.501Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-0403 (GCVE-0-2004-0403)

    Vulnerability from nvd – Published: 2004-04-16 04:00 – Updated: 2024-08-08 00:17
    VLAI
    Summary
    Racoon before 20040408a allows remote attackers to cause a denial of service (memory consumption) via an ISAKMP packet with a large length field.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.mandrakesecure.net/en/advisories/advis… vendor-advisoryx_refsource_MANDRAKE
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://securitytracker.com/id?1009937 vdb-entryx_refsource_SECTRACK
    http://www.vuxml.org/freebsd/ccd698df-8e20-11d8-9… x_refsource_CONFIRM
    ftp://patches.sgi.com/support/free/security/advis… vendor-advisoryx_refsource_SGI
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://marc.info/?l=bugtraq&m=108369640424244&w=2 vendor-advisoryx_refsource_APPLE
    http://secunia.com/advisories/11877 third-party-advisoryx_refsource_SECUNIA
    ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005… vendor-advisoryx_refsource_SCO
    http://www.securityfocus.com/bid/10172 vdb-entryx_refsource_BID
    http://secunia.com/advisories/11410 third-party-advisoryx_refsource_SECUNIA
    http://security.gentoo.org/glsa/glsa-200404-17.xml vendor-advisoryx_refsource_GENTOO
    http://sourceforge.net/project/shownotes.php?rele… x_refsource_CONFIRM
    http://www.osvdb.org/5491 vdb-entryx_refsource_OSVDB
    http://www.redhat.com/support/errata/RHSA-2004-165.html vendor-advisoryx_refsource_REDHAT
    http://www.kame.net/dev/cvsweb2.cgi/kame/kame/kam… x_refsource_CONFIRM
    Date Public
    2004-04-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:17:14.610Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "MDKSA-2004:069",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
                  "x_transferred"
                ],
                "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:069"
              },
              {
                "name": "oval:org.mitre.oval:def:984",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A984"
              },
              {
                "name": "1009937",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1009937"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.vuxml.org/freebsd/ccd698df-8e20-11d8-90d1-0020ed76ef5a.html"
              },
              {
                "name": "20040506-01-U",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SGI",
                  "x_transferred"
                ],
                "url": "ftp://patches.sgi.com/support/free/security/advisories/20040506-01-U.asc"
              },
              {
                "name": "racoon-isakmp-dos(15893)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15893"
              },
              {
                "name": "oval:org.mitre.oval:def:11220",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11220"
              },
              {
                "name": "APPLE-SA-2004-05-03",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=108369640424244\u0026w=2"
              },
              {
                "name": "11877",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/11877"
              },
              {
                "name": "SCOSA-2005.10",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SCO",
                  "x_transferred"
                ],
                "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt"
              },
              {
                "name": "10172",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/10172"
              },
              {
                "name": "11410",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/11410"
              },
              {
                "name": "GLSA-200404-17",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200404-17.xml"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://sourceforge.net/project/shownotes.php?release_id=232288"
              },
              {
                "name": "5491",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/5491"
              },
              {
                "name": "RHSA-2004:165",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2004-165.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kame.net/dev/cvsweb2.cgi/kame/kame/kame/racoon/isakmp.c.diff?r1=1.180\u0026r2=1.181"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-04-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Racoon before 20040408a allows remote attackers to cause a denial of service (memory consumption) via an ISAKMP packet with a large length field."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-10T00:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "MDKSA-2004:069",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRAKE"
              ],
              "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:069"
            },
            {
              "name": "oval:org.mitre.oval:def:984",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A984"
            },
            {
              "name": "1009937",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1009937"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.vuxml.org/freebsd/ccd698df-8e20-11d8-90d1-0020ed76ef5a.html"
            },
            {
              "name": "20040506-01-U",
              "tags": [
                "vendor-advisory",
                "x_refsource_SGI"
              ],
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20040506-01-U.asc"
            },
            {
              "name": "racoon-isakmp-dos(15893)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15893"
            },
            {
              "name": "oval:org.mitre.oval:def:11220",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11220"
            },
            {
              "name": "APPLE-SA-2004-05-03",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=108369640424244\u0026w=2"
            },
            {
              "name": "11877",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/11877"
            },
            {
              "name": "SCOSA-2005.10",
              "tags": [
                "vendor-advisory",
                "x_refsource_SCO"
              ],
              "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt"
            },
            {
              "name": "10172",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/10172"
            },
            {
              "name": "11410",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/11410"
            },
            {
              "name": "GLSA-200404-17",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200404-17.xml"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://sourceforge.net/project/shownotes.php?release_id=232288"
            },
            {
              "name": "5491",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/5491"
            },
            {
              "name": "RHSA-2004:165",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2004-165.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kame.net/dev/cvsweb2.cgi/kame/kame/kame/racoon/isakmp.c.diff?r1=1.180\u0026r2=1.181"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-0403",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Racoon before 20040408a allows remote attackers to cause a denial of service (memory consumption) via an ISAKMP packet with a large length field."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "MDKSA-2004:069",
                  "refsource": "MANDRAKE",
                  "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:069"
                },
                {
                  "name": "oval:org.mitre.oval:def:984",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A984"
                },
                {
                  "name": "1009937",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1009937"
                },
                {
                  "name": "http://www.vuxml.org/freebsd/ccd698df-8e20-11d8-90d1-0020ed76ef5a.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.vuxml.org/freebsd/ccd698df-8e20-11d8-90d1-0020ed76ef5a.html"
                },
                {
                  "name": "20040506-01-U",
                  "refsource": "SGI",
                  "url": "ftp://patches.sgi.com/support/free/security/advisories/20040506-01-U.asc"
                },
                {
                  "name": "racoon-isakmp-dos(15893)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15893"
                },
                {
                  "name": "oval:org.mitre.oval:def:11220",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11220"
                },
                {
                  "name": "APPLE-SA-2004-05-03",
                  "refsource": "APPLE",
                  "url": "http://marc.info/?l=bugtraq\u0026m=108369640424244\u0026w=2"
                },
                {
                  "name": "11877",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/11877"
                },
                {
                  "name": "SCOSA-2005.10",
                  "refsource": "SCO",
                  "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt"
                },
                {
                  "name": "10172",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/10172"
                },
                {
                  "name": "11410",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/11410"
                },
                {
                  "name": "GLSA-200404-17",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200404-17.xml"
                },
                {
                  "name": "http://sourceforge.net/project/shownotes.php?release_id=232288",
                  "refsource": "CONFIRM",
                  "url": "http://sourceforge.net/project/shownotes.php?release_id=232288"
                },
                {
                  "name": "5491",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/5491"
                },
                {
                  "name": "RHSA-2004:165",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2004-165.html"
                },
                {
                  "name": "http://www.kame.net/dev/cvsweb2.cgi/kame/kame/kame/racoon/isakmp.c.diff?r1=1.180\u0026r2=1.181",
                  "refsource": "CONFIRM",
                  "url": "http://www.kame.net/dev/cvsweb2.cgi/kame/kame/kame/racoon/isakmp.c.diff?r1=1.180\u0026r2=1.181"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-0403",
        "datePublished": "2004-04-16T04:00:00.000Z",
        "dateReserved": "2004-04-13T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:17:14.610Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-0164 (GCVE-0-2004-0164)

    Vulnerability from nvd – Published: 2004-02-19 05:00 – Updated: 2024-08-08 00:10
    VLAI
    Summary
    KAME IKE daemon (racoon) does not properly handle hash values, which allows remote attackers to delete certificates via (1) a certain delete message that is not properly handled in isakmp.c or isakmp_inf.c, or (2) a certain INITIAL-CONTACT message that is not properly handled in isakmp_inf.c.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2004-01-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:10:03.249Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "oval:org.mitre.oval:def:9737",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9737"
              },
              {
                "name": "oval:org.mitre.oval:def:947",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A947"
              },
              {
                "name": "9417",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/9417"
              },
              {
                "name": "9416",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/9416"
              },
              {
                "name": "openbsd-isakmp-invalidspi-delete-sa(14117)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14117"
              },
              {
                "name": "20040114 Re: unauthorized deletion of IPsec (and ISAKMP) SAs in racoon",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=107411758202662\u0026w=2"
              },
              {
                "name": "NetBSD-SA2004-001",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_NETBSD",
                  "x_transferred"
                ],
                "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-001.txt.asc"
              },
              {
                "name": "20040113 unauthorized deletion of IPsec (and ISAKMP) SAs in racoon",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=107403331309838\u0026w=2"
              },
              {
                "name": "openbsd-isakmp-initialcontact-delete-sa(14118)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14118"
              },
              {
                "name": "APPLE-SA-2004-02-23",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2004/Feb/msg00000.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-01-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "KAME IKE daemon (racoon) does not properly handle hash values, which allows remote attackers to delete certificates via (1) a certain delete message that is not properly handled in isakmp.c or isakmp_inf.c, or (2) a certain INITIAL-CONTACT message that is not properly handled in isakmp_inf.c."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-10T00:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "oval:org.mitre.oval:def:9737",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9737"
            },
            {
              "name": "oval:org.mitre.oval:def:947",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A947"
            },
            {
              "name": "9417",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/9417"
            },
            {
              "name": "9416",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/9416"
            },
            {
              "name": "openbsd-isakmp-invalidspi-delete-sa(14117)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14117"
            },
            {
              "name": "20040114 Re: unauthorized deletion of IPsec (and ISAKMP) SAs in racoon",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=107411758202662\u0026w=2"
            },
            {
              "name": "NetBSD-SA2004-001",
              "tags": [
                "vendor-advisory",
                "x_refsource_NETBSD"
              ],
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-001.txt.asc"
            },
            {
              "name": "20040113 unauthorized deletion of IPsec (and ISAKMP) SAs in racoon",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=107403331309838\u0026w=2"
            },
            {
              "name": "openbsd-isakmp-initialcontact-delete-sa(14118)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14118"
            },
            {
              "name": "APPLE-SA-2004-02-23",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2004/Feb/msg00000.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-0164",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "KAME IKE daemon (racoon) does not properly handle hash values, which allows remote attackers to delete certificates via (1) a certain delete message that is not properly handled in isakmp.c or isakmp_inf.c, or (2) a certain INITIAL-CONTACT message that is not properly handled in isakmp_inf.c."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "oval:org.mitre.oval:def:9737",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9737"
                },
                {
                  "name": "oval:org.mitre.oval:def:947",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A947"
                },
                {
                  "name": "9417",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/9417"
                },
                {
                  "name": "9416",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/9416"
                },
                {
                  "name": "openbsd-isakmp-invalidspi-delete-sa(14117)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14117"
                },
                {
                  "name": "20040114 Re: unauthorized deletion of IPsec (and ISAKMP) SAs in racoon",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=107411758202662\u0026w=2"
                },
                {
                  "name": "NetBSD-SA2004-001",
                  "refsource": "NETBSD",
                  "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-001.txt.asc"
                },
                {
                  "name": "20040113 unauthorized deletion of IPsec (and ISAKMP) SAs in racoon",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=107403331309838\u0026w=2"
                },
                {
                  "name": "openbsd-isakmp-initialcontact-delete-sa(14118)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14118"
                },
                {
                  "name": "APPLE-SA-2004-02-23",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2004/Feb/msg00000.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-0164",
        "datePublished": "2004-02-19T05:00:00.000Z",
        "dateReserved": "2004-02-18T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:10:03.249Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }