Skip site navigation (1)Skip section navigation (2) 
Date:      07 Apr 2004 07:15:03 +0200
From:      Ralf Spenneberg <ralf@spenneberg.net>
To:        security@freebsd.org, security@netbsd.org, security@apple.com
Subject:   Possible security hole in racoon verified on FreeBSD using racoon-20030711
Message-ID:  <1081314902.1942.11.camel@kermit>
next in thread | raw e-mail | index | archive | help 

--=-hLigAB+aOuKdFsHCocjH
Content-Type: multipart/mixed; boundary="=-1hAf2v3ari2YoMTtDRtW"


--=-1hAf2v3ari2YoMTtDRtW
Content-Type: text/plain; charset=ISO-8859-15
Content-Transfer-Encoding: quoted-printable

Hi,

while testing racoon on Linux (based on the ported ipsec-tools) the
following issue appeared:
Racoon did not verify the RSA Signatures during Phase 1 in either main
or aggressive mode.
Authentication was possible using a correct certificate and a wrong
private key.

I have verified the below problem using racoon-20030711 on FreeBSD 4.9. I w=
ill test
it using the SNAP Kit but suspect it to be vulnerable, too.

Probably other implementations like racoon and MacOSX are vulnerable, too.

On Linux the issue was resolved with the attached patch.

Could you look into this?

I would like to publish a Bugtraq report after the weekend, provided that y=
ou have confirmed
that either your racoon is not vulnerable or you have patches available.

Regards,

Ralf
--=20
Ralf Spenneberg
UNIX/Linux Trainer and Consultant, RHCE, RHCX
Waldring 34                             48565 Steinfurt         Germany
Fon: +49(0)2552 638 755                 Fax: +49(0)2552 638 757
Mobil: +49(0)177 567 27 40
=20
Markt+Technik Buch:                     Intrusion Detection f=FCr Linux Ser=
ver
Addison-Wesley Buch: 			VPN mit Linux
IPsec-Howto:                                http://www.ipsec-howto.org
IPsec/PPTP Kernels for Red Hat Linux:   http://www.spenneberg.com/.net/.org=
/.de
Honeynet Project Mirror:                http://honeynet.spenneberg.org
Snort Mirror:                           http://snort.spenneberg.org

--=-1hAf2v3ari2YoMTtDRtW--

--=-hLigAB+aOuKdFsHCocjH
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: Dies ist ein digital signierter Nachrichtenteil

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQBAc45WbQ9NVvVkhHcRAjThAJ9/D2k3XUe48SKr0QAZShGJCd2PGACfb+hV
MF6xvytj+70zB9wP+u7g4Y4=
=4L7e
-----END PGP SIGNATURE-----

--=-hLigAB+aOuKdFsHCocjH--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1081314902.1942.11.camel>