Unrated severityNVD Advisory· Published Dec 6, 2004· Updated Apr 16, 2026
CVE-2004-0607
CVE-2004-0607
Description
The eay_check_x509cert function in KAME Racoon successfully verifies certificates even when OpenSSL validation fails, which could allow remote attackers to bypass authentication.
Affected products
17cpe:2.3:a:ipsec-tools:ipsec-tools:0.3:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:ipsec-tools:ipsec-tools:0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ipsec-tools:ipsec-tools:0.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:ipsec-tools:ipsec-tools:0.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:ipsec-tools:ipsec-tools:0.3_rc1:*:*:*:*:*:*:*
- cpe:2.3:a:ipsec-tools:ipsec-tools:0.3_rc2:*:*:*:*:*:*:*
- cpe:2.3:a:ipsec-tools:ipsec-tools:0.3_rc3:*:*:*:*:*:*:*
- cpe:2.3:a:ipsec-tools:ipsec-tools:0.3_rc4:*:*:*:*:*:*:*
- cpe:2.3:a:ipsec-tools:ipsec-tools:0.3_rc5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_servers:*:*:*:*:*+ 2 more
- cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_servers:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
13- security.gentoo.org/glsa/glsa-200406-17.xmlnvdPatchVendor Advisory
- www.securityfocus.com/bid/10546nvdVendor Advisory
- ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txtnvd
- marc.infonvd
- marc.infonvd
- secunia.com/advisories/11863nvd
- secunia.com/advisories/11877nvd
- securitytracker.com/idnvd
- sourceforge.net/project/shownotes.phpnvd
- www.osvdb.org/7113nvd
- www.redhat.com/support/errata/RHSA-2004-308.htmlnvd
- exchange.xforce.ibmcloud.com/vulnerabilities/16414nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9163nvd
News mentions
0No linked articles in our index yet.