VDB
CVE-2004-0607
CVE-2004-0607
PUBLISHED
CVSS 10 CRITICAL
The eay_check_x509cert function in KAME Racoon successfully verifies certificates even when OpenSSL validation fails, which could allow remote attackers to bypass authentication.
EPSS 3.01% · 86.9th percentile
Risk Scores
CVSS 2.0
10
EPSS Score
3.01%
86.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| kame | racoon | *, 2003-07-11, 2004-04-05 |
| ipsec-tools | ipsec-tools | 0.3_rc1, 0.3_rc2, 0.3_rc4 |
| redhat | enterprise_linux_desktop | 3.0 |
| redhat | enterprise_linux | 3.0, 3.0, 3.0 |
| n/a | n/a | n/a |
Timeline
- Jun 30, 2004 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
References
- 20040615 Re: authentication bug in KAME's racoon mailing-list
- http://sourceforge.net/project/shownotes.php?release_id=245982 url
- 7113 vdb
- 11877 third-party-advisory
- 20040614 authentication bug in KAME's racoon mailing-list
- racoon-eaycheckx509cert-auth-bypass(16414) vdb
- RHSA-2004:308 vendor-advisory
- SCOSA-2005.10 vendor-advisory
- oval:org.mitre.oval:def:9163 vdb
- 1010495 vdb
- 11863 third-party-advisory
- 10546 vdb
- GLSA-200406-17 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2004-0607 advisory