FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.


These are the vulnerabilities relating to the commit you have selected:

VuXML ID  Description
2328adef-157c-11d9-8402-000d93664d5c  racoon -- improper certificate handling

Thomas Walpuski noted that when OpenSSL detected an error condition for a peer certificate, racoon mistakenly ignored the error. This could allow certificates in five invalid states to be used for authentication.


Discovery 2004-01-31
Entry 2004-10-03
racoon
lt 20040818a

http://marc.theaimsgroup.com/?l=bugtraq&m=108726102304507
http://www.kame.net/racoon/racoon-ml/msg00517.html
3b260179-e464-460d-bf9f-d5cda6204020  racoon -- remote denial-of-service

Sebastian Krahmer discovered that the racoon ISAKMP daemon could be crashed with a maliciously crafted UDP packet. No authentication is required in order to perform the attack.


Discovery 2005-03-12
Entry 2005-06-03
racoon
lt 20050510a

CVE-2005-0398
http://sourceforge.net/mailarchive/forum.php?thread_id=6787713&forum_id=32000
http://xforce.iss.net/xforce/xfdb/19707
https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=109966&action=view
739bb51d-7e82-11d8-9645-0020ed76ef5a  racoon security association deletion vulnerability

A remote attacker may use specially crafted IKE/ISAKMP messages to cause racoon to delete security associations. This could result in denial-of-service or possibly cause sensitive traffic to be transmitted in plaintext, depending upon configuration.


Discovery 2004-01-13
Entry 2004-03-25
Modified 2004-03-29
racoon
lt 20040116a

http://www.securityfocus.com/archive/1/349756
9416
9417
CVE-2004-0164
d8769838-8814-11d8-90d1-0020ed76ef5a  racoon fails to verify signature during Phase 1

Ralf Spenneberg discovered a serious flaw in racoon. When using Phase 1 main or aggressive mode, racoon does not verify the client's RSA signature. Any installations using X.509 authentication are strongly urged to upgrade.

Installations using pre-shared keys are believed to be unaffected.


Discovery 2004-04-05
Entry 2004-04-07
racoon
lt 20040407b

CVE-2004-0155
http://www.kame.net/dev/cvsweb2.cgi/kame/kame/kame/racoon/crypto_openssl.c?rev=1.84&content-type=text/x-cvsweb-markup
f8551668-de09-4d7b-9720-f1360929df07  tcpdump ISAKMP payload handling remote denial-of-service

Chad Loder has discovered vulnerabilities in tcpdump's ISAKMP protocol handler. During an audit to repair these issues, Bill Fenner discovered some related problems.

These vulnerabilities may be used by an attacker to crash a running `tcpdump' process. They can only be triggered if the `-v' command line option is being used.

NOTE: the racoon ISAKMP/IKE daemon incorporates the ISAKMP protocol handler from tcpdump, and so is also affected by this issue.


Discovery 2004-03-12
Entry 2004-03-31
Modified 2016-08-11
tcpdump
lt 3.8.3

racoon
lt 20040408a

FreeBSD
lt 5.2.1

http://marc.theaimsgroup.com/?l=bugtraq&m=108067265931525
http://www.rapid7.com/advisories/R7-0017.html
CVE-2004-0183
CVE-2004-0184
40fcf20f-8891-11d8-90d1-0020ed76ef5a  racoon remote denial of service vulnerability (IKE Generic Payload Header)

When racoon receives an IKE message with an incorrectly constructed Generic Payload Header, it may behave erratically, going into a tight loop and dropping connections.


Discovery 2003-12-03
Entry 2004-04-07
Modified 2004-04-14
racoon
lt 20040407b

CVE-2004-0392
http://orange.kame.net/dev/query-pr.cgi?pr=555
ccd698df-8e20-11d8-90d1-0020ed76ef5a  racoon remote denial of service vulnerability (ISAKMP header length field)

When racoon receives an ISAKMP header, it will attempt to allocate sufficient memory for the entire ISAKMP message according to the header's length field. If an attacker crafts an ISAKMP header with a ridiculously large value in the length field, racoon may exceed operating system resource limits and be terminated, resulting in a denial of service.


Discovery 2004-03-31
Entry 2004-04-14
racoon
lt 20040408a

CVE-2004-0403
http://www.kame.net/dev/cvsweb2.cgi/kame/kame/kame/racoon/isakmp.c.diff?r1=1.180&r2=1.181