VYPR

Racoon

by Kame

CVEs (6)

  • CVE-2004-0164Mar 3, 2004
    risk 0.04cvss epss 0.07

    KAME IKE daemon (racoon) does not properly handle hash values, which allows remote attackers to delete certificates via (1) a certain delete message that is not properly handled in isakmp.c or isakmp_inf.c, or (2) a certain INITIAL-CONTACT message that is not properly handled in…

  • CVE-2005-0398Mar 14, 2005
    risk 0.00cvss epss 0.02

    The KAME racoon daemon in ipsec-tools before 0.5 allows remote attackers to cause a denial of service (crash) via malformed ISAKMP packets.

  • CVE-2004-0607Dec 6, 2004
    risk 0.00cvss epss 0.05

    The eay_check_x509cert function in KAME Racoon successfully verifies certificates even when OpenSSL validation fails, which could allow remote attackers to bypass authentication.

  • CVE-2004-0392Jun 14, 2004
    risk 0.00cvss epss 0.02

    racoon before 20040407b allows remote attackers to cause a denial of service (infinite loop and dropped connections) via an IKE message with a malformed Generic Payload Header containing invalid (1) "Security Association Next Payload" and (2) "RESERVED" fields.

  • CVE-2004-0403Jun 1, 2004
    risk 0.00cvss epss 0.03

    Racoon before 20040408a allows remote attackers to cause a denial of service (memory consumption) via an ISAKMP packet with a large length field.

  • CVE-2004-0155Jun 1, 2004
    risk 0.00cvss epss 0.04

    The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, validates the X.509 certificate but does not verify the RSA signature authentication, which allows remote attackers to establish unauthorized IP connections or conduct man-in-the-middle attacks using a valid,…