CVE-2004-0607

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0640%

EPSS Percentile3.25th

PublishedDec 6, 2004

Last ModifiedApr 16, 2026

Vulnerability Description

The eay_check_x509cert function in KAME Racoon successfully verifies certificates even when OpenSSL validation fails, which could allow remote attackers to bypass authentication.

Affected Platforms (CPE)

📦

Ipsec Tools

= 0.3

📦

Ipsec Tools

= 0.3.1

📦

Ipsec Tools

= 0.3.2

📦

Ipsec Tools

= 0.3_rc1

📦

Ipsec Tools

= 0.3_rc2

📦

Ipsec Tools

= 0.3_rc3

📦

Ipsec Tools

= 0.3_rc4

📦

Ipsec Tools

= 0.3_rc5

📦

Kame

Racoon

All versions

📦

Kame

Racoon

= 2003-07-11

📦

Kame

Racoon

= 2004-04-05

📦

Kame

Racoon

= 2004-04-07b

📦

Kame

Racoon

= 2004-05-03

💻

Redhat

Enterprise Linux

= 3.0

💻

Redhat

Enterprise Linux

= 3.0

💻

Redhat

Enterprise Linux

= 3.0

💻

Redhat

Enterprise Linux Desktop

= 3.0

References & Advisories

🔗 ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt

🔗 http://marc.info/?l=bugtraq&m=108726102304507&w=2

🔗 http://marc.info/?l=bugtraq&m=108731967126033&w=2

🔗 http://secunia.com/advisories/11863

🔗 http://secunia.com/advisories/11877

🔗 http://security.gentoo.org/glsa/glsa-200406-17.xml

🔗 http://securitytracker.com/id?1010495

🔗 http://sourceforge.net/project/shownotes.php?release_id=245982

Vulnerability Description

Affected Platforms (CPE)

Ipsec Tools

Ipsec Tools

Ipsec Tools

Ipsec Tools

Ipsec Tools

Ipsec Tools

Ipsec Tools

Ipsec Tools

Racoon

Racoon

Racoon

Racoon

Racoon

Enterprise Linux

Enterprise Linux

Enterprise Linux

Enterprise Linux Desktop

References & Advisories

Related Vulnerabilities