Ralf Spenneberg
2004-Apr-07 02:09 UTC
Possible security hole in racoon verified on FreeBSD using racoon-20030711
Hi,

while testing racoon on Linux (based on the ported ipsec-tools) the following issue appeared:

Racoon did not verify the RSA Signatures during Phase 1 in either main or aggressive mode. Authentication was possible using a correct certificate and a wrong private key.

I have verified the below problem using racoon-20030711 on FreeBSD 4.9. I will test it using the SNAP Kit but suspect it to be vulnerable, too. Probably other implementations like racoon and MacOSX are vulnerable, too.

On Linux the issue was resolved with the attached patch.

Could you look into this? I would like to publish a Bugtraq report after the weekend, provided that you have confirmed that either your racoon is not vulnerable or you have patches available.

Regards,

Ralf

--
Ralf Spenneberg
UNIX/Linux Trainer and Consultant, RHCE, RHCX
Waldring 34
48565 Steinfurt
Germany
Fon: +49(0)2552 638 755
Fax: +49(0)2552 638 757
Mobil: +49(0)177 567 27 40

Markt+Technik Buch: Intrusion Detection für Linux Server
Addison-Wesley Buch: VPN mit Linux
IPsec-Howto: http://www.ipsec-howto.org
IPsec/PPTP Kernels for Red Hat Linux: http://www.spenneberg.com/.net/.org/.de
Honeynet Project Mirror: http://honeynet.spenneberg.org
Snort Mirror: http://snort.spenneberg.org
Devon H. O'Dell
2004-Apr-07 03:14 UTC
Possible security hole in racoon verified on FreeBSD using racoon-20030711
Ralf Spenneberg wrote:
[snip]
> On Linux the issue was resolved with the attached patch.

Hey Ralf,

The patch didn't make it to our (FreeBSD) list; I suspect the others have not received the patch as well. Additionally, this (security@freebsd.org) is a public mailing list, so you just disclosed the problem ;)

Kind regards,

Devon H. O'Dell