SCOSA-2005.10

20040407 CAN-2004-0155:  The KAME IKE Daemon Racoon does not verify RSA Signatures during Phase 1, allows man-in-the-middle attacks and unauthorized connections

APPLE-SA-2004-05-03

11328

GLSA-200406-17

VU#552398

MDKSA-2004:069

MDKSA-2004:027

RHSA-2004:165

10072

oval:org.mitre.oval:def:9291

oval:org.mitre.oval:def:945

Ralf Spenneberg discovered a serious flaw in racoon. When using Phase 1 main or aggressive mode, racoon does not verify the client's RSA signature. Any installations using X.509 authentication are strongly urged to upgrade.

Installations using pre-shared keys are believed to be unaffected.

The remote host is affected by the vulnerability described in GLSA-200406-17 (IPsec-Tools: authentication bug in racoon)

    The KAME IKE daemon racoon is used to authenticate peers during Phase 1     when using either preshared keys, GSS-API, or RSA signatures. When     using RSA signatures racoon validates the X.509 certificate but not the     RSA signature.
  Impact :

    By sending a valid and trusted X.509 certificate and any private key an     attacker could exploit this vulnerability to perform man-in-the-middle     attacks and initiate unauthorized connections.
  Workaround :

    There is no known workaround at this time. All users are encouraged to     upgrade to the latest available version.

A vulnerability in racoon prior to version 20040408a would allow a remote attacker to cause a DoS (memory consumption) via an ISAKMP packet with a large length field.

Another vulnerability in racoon was discovered where, when using RSA signatures, racoon would validate the X.509 certificate but would not validate the signature. This can be exploited by an attacker sending a valid and trusted X.509 certificate and any private key. Using this, they could perform a man-in-the-middle attack and initiate an unauthorized connection. This has been fixed in ipsec-tools 0.3.3.

The updated packages contain patches backported from 0.3.3 to correct the problem.

A very serious security flaw was discovered by Ralf Spenneberg in racoon, the IKE daemon of the KAME-tools. Racoon does not very the RSA signature during phase one of a connection using either main or aggressive mode. Only the certificate of the client is verified, the certificate is not used to verify the client's signature.

All versions of ipsec-tools prior to 0.2.5 and 0.3rc5 are vulnerable to this issue. The provided package updates ipsec-tools to 0.2.5.

The following package needs to be updated: racoon

The remote host is missing Security Update 2004-05-03.
This security update includes updates for AFP Server, CoreFoundation, and IPSec.

It also includes Security Update 2004-04-05, which includes updates for CUPS, libxml2, Mail, and OpenSSL.

For Mac OS X 10.2.8, it also includes updates for Apache 1.3, cd9660.util, Classic, CUPS, Directory Services, DiskArbitration, fetchmail, fs_usage, gm4, groff, Mail, OpenSSL, Personal File Sharing, PPP, rsync, Safari, System Configuration, System Initialization, and zlib.

This update fixes various issues which may allow an attacker to execute arbitrary code on the remote host.

An updated ipsec-tools package that fixes vulnerabilities in racoon (the ISAKMP daemon) is now available.

IPSEC uses strong cryptography to provide both authentication and encryption services.

With versions of ipsec-tools prior to 0.2.3, it was possible for an attacker to cause unauthorized deletion of SA (Security Associations.) The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0164 to this issue.

With versions of ipsec-tools prior to 0.2.5, the RSA signature on x.509 certificates was not properly verified when using certificate based authentication. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0155 to this issue.

When ipsec-tools receives an ISAKMP header, it will attempt to allocate sufficient memory for the entire ISAKMP message according to the header's length field. If an attacker crafts an ISAKMP header with a extremely large value in the length field, racoon may exceed operating system resource limits and be terminated, resulting in a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0403 to this issue.

User of IPSEC should upgrade to this updated package, which contains ipsec-tools version 0.25 along with a security patch for CVE-2004-0403 which resolves all these issues.

ID	Name	Product	Family	Severity
37923	FreeBSD : racoon fails to verify signature during Phase 1 (d8769838-8814-11d8-90d1-0020ed76ef5a)	Nessus	FreeBSD Local Security Checks	high
14528	GLSA-200406-17 : IPsec-Tools: authentication bug in racoon	Nessus	Gentoo Local Security Checks	critical
14168	Mandrake Linux Security Advisory : ipsec-tools (MDKSA-2004:069)	Nessus	Mandriva Local Security Checks	high
14126	Mandrake Linux Security Advisory : ipsec-tools (MDKSA-2004:027)	Nessus	Mandriva Local Security Checks	high
12608	FreeBSD : racoon fails to verify signature during Phase 1 (163)	Nessus	FreeBSD Local Security Checks	high
12518	Mac OS X Multiple Vulnerabilities (Security Update 2004-05-03)	Nessus	MacOS X Local Security Checks	high
12488	RHEL 3 : ipsec-tools (RHSA-2004:165)	Nessus	Red Hat Local Security Checks	high

CVE-2004-0155

HIGH

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Tenable Plugins

high

critical

high

high

high

high

high