FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

These are the vulnerabilities relating to the commit you have selected:

VuXML ID Description

2328adef-157c-11d9-8402-000d93664d5c racoon -- improper certificate handling

Thomas Walpuski noted when OpenSSL would detect an error condition for a peer certificate, racoon mistakenly ignored the error. This could allow five invalid certificate states to properly be used for authentication.

Discovery 2004-01-31
Entry 2004-10-03
lt 20040818a

40fcf20f-8891-11d8-90d1-0020ed76ef5a racoon remote denial of service vulnerability (IKE Generic Payload Header)

When racoon receives an IKE message with an incorrectly constructed Generic Payload Header, it may behave erratically, going into a tight loop and dropping connections.

Discovery 2003-12-03
Entry 2004-04-07
Modified 2004-04-14
lt 20040407b

d8769838-8814-11d8-90d1-0020ed76ef5a racoon fails to verify signature during Phase 1

Ralf Spenneberg discovered a serious flaw in racoon. When using Phase 1 main or aggressive mode, racoon does not verify the client's RSA signature. Any installations using X.509 authentication are strongly urged to upgrade.

Installations using pre-shared keys are believed to be unaffected.

Discovery 2004-04-05
Entry 2004-04-07
lt 20040407b

ccd698df-8e20-11d8-90d1-0020ed76ef5a racoon remote denial of service vulnerability (ISAKMP header length field)

When racoon receives an ISAKMP header, it will attempt to allocate sufficient memory for the entire ISAKMP message according to the header's length field. If an attacker crafts an ISAKMP header with a ridiculously large value in the length field, racoon may exceed operating system resource limits and be terminated, resulting in a denial of service.

Discovery 2004-03-31
Entry 2004-04-14
lt 20040408a

3b260179-e464-460d-bf9f-d5cda6204020 racoon -- remote denial-of-service

Sebastian Krahmer discovered that the racoon ISAKMP daemon could be crashed with a maliciously crafted UDP packet. No authentication is required in order to perform the attack.

Discovery 2005-03-12
Entry 2005-06-03
lt 20050510a

f8551668-de09-4d7b-9720-f1360929df07 tcpdump ISAKMP payload handling remote denial-of-service

Chad Loder has discovered vulnerabilities in tcpdump's ISAKMP protocol handler. During an audit to repair these issues, Bill Fenner discovered some related problems.

These vulnerabilities may be used by an attacker to crash a running `tcpdump' process. They can only be triggered if the `-v' command line option is being used.

NOTE: the racoon ISAKMP/IKE daemon incorporates the ISAKMP protocol handler from tcpdump, and so is also affected by this issue.

Discovery 2004-03-12
Entry 2004-03-31
Modified 2016-08-11
lt 3.8.3

lt 20040408a

lt 5.2.1

739bb51d-7e82-11d8-9645-0020ed76ef5a racoon security association deletion vulnerability

A remote attacker may use specially crafted IKE/ISAKMP messages to cause racoon to delete security associations. This could result in denial-of-service or possibly cause sensitive traffic to be transmitted in plaintext, depending upon configuration.

Discovery 2004-01-13
Entry 2004-03-25
Modified 2004-03-29
lt 20040116a