Racoon IKE Daemon Unauthorized X.509 Certificate Connection Vulnerability

The racoon IKE daemon is prone to a security vulnerability that may allow unauthorized access. This issue may allow holders of valid X.509 certificates to make unauthorized connections to the VPN without being required to have the corresponding private key. Man-in-the-middle attacks are also possible.

This issue affects the racoon daemon included in IPsec-Tools for Linux 2.6 Kernel and the version included in KAME's IPsec utilities.


 

Privacy Statement
Copyright 2010, SecurityFocus