This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-03-29 07:54:42 UTC
These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
---|---|
f8551668-de09-4d7b-9720-f1360929df07 | tcpdump ISAKMP payload handling remote denial-of-service. Chad Loder has discovered vulnerabilities in tcpdump's ISAKMP protocol handler. During an audit to repair these issues, Bill Fenner discovered some related problems. These vulnerabilities may be used by an attacker to crash a running `tcpdump' process. They can only be triggered if the `-v' command line option is being used. NOTE: the racoon ISAKMP/IKE daemon incorporates the ISAKMP protocol handler from tcpdump, and so is also affected by this issue. Discovery: 2004-03-12. Entry: 2004-03-31. Modified: 2016-08-11. Affected: tcpdump < 3.8.3; racoon < 20040408a; FreeBSD < 5.2.1. References: http://marc.theaimsgroup.com/?l=bugtraq&m=108067265931525 ; http://www.rapid7.com/advisories/R7-0017.html ; CVE-2004-0183 ; CVE-2004-0184 |
2328adef-157c-11d9-8402-000d93664d5c | racoon -- improper certificate handling. Thomas Walpuski noted when OpenSSL would detect an error condition for a peer certificate, racoon mistakenly ignored the error. This could allow five invalid certificate states to properly be used for authentication. Discovery: 2004-01-31. Entry: 2004-10-03. Affected: racoon < 20040818a. References: http://marc.theaimsgroup.com/?l=bugtraq&m=108726102304507 ; http://www.kame.net/racoon/racoon-ml/msg00517.html |
ccd698df-8e20-11d8-90d1-0020ed76ef5a | racoon remote denial of service vulnerability (ISAKMP header length field). When racoon receives an ISAKMP header, it will attempt to allocate sufficient memory for the entire ISAKMP message according to the header's length field. If an attacker crafts an ISAKMP header with a ridiculously large value in the length field, racoon may exceed operating system resource limits and be terminated, resulting in a denial of service. Discovery: 2004-03-31. Entry: 2004-04-14. Affected: racoon < 20040408a. References: CVE-2004-0403 ; http://www.kame.net/dev/cvsweb2.cgi/kame/kame/kame/racoon/isakmp.c.diff?r1=1.180&r2=1.181 |
40fcf20f-8891-11d8-90d1-0020ed76ef5a | racoon remote denial of service vulnerability (IKE Generic Payload Header). When racoon receives an IKE message with an incorrectly constructed Generic Payload Header, it may behave erratically, going into a tight loop and dropping connections. Discovery: 2003-12-03. Entry: 2004-04-07. Modified: 2004-04-14. Affected: racoon < 20040407b. References: CVE-2004-0392 ; http://orange.kame.net/dev/query-pr.cgi?pr=555 |
3b260179-e464-460d-bf9f-d5cda6204020 | racoon -- remote denial-of-service. Sebastian Krahmer discovered that the racoon ISAKMP daemon could be crashed with a maliciously crafted UDP packet. No authentication is required in order to perform the attack. Discovery: 2005-03-12. Entry: 2005-06-03. Affected: racoon < 20050510a. References: CVE-2005-0398 ; http://sourceforge.net/mailarchive/forum.php?thread_id=6787713&forum_id=32000 ; http://xforce.iss.net/xforce/xfdb/19707 ; https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=109966&action=view |
739bb51d-7e82-11d8-9645-0020ed76ef5a | racoon security association deletion vulnerability. A remote attacker may use specially crafted IKE/ISAKMP messages to cause racoon to delete security associations. This could result in denial-of-service or possibly cause sensitive traffic to be transmitted in plaintext, depending upon configuration. Discovery: 2004-01-13. Entry: 2004-03-25. Modified: 2004-03-29. Affected: racoon < 20040116a. References: http://www.securityfocus.com/archive/1/349756 ; 9416 ; 9417 ; CVE-2004-0164 |
d8769838-8814-11d8-90d1-0020ed76ef5a | racoon fails to verify signature during Phase 1. Ralf Spenneberg discovered a serious flaw in racoon. When using Phase 1 main or aggressive mode, racoon does not verify the client's RSA signature. Any installations using X.509 authentication are strongly urged to upgrade. Installations using pre-shared keys are believed to be unaffected. Discovery: 2004-04-05. Entry: 2004-04-07. Affected: racoon < 20040407b. References: CVE-2004-0155 ; http://www.kame.net/dev/cvsweb2.cgi/kame/kame/kame/racoon/crypto_openssl.c?rev=1.84&content-type=text/x-cvsweb-markup |