Vulnerability CVE-2004-0590


Published: 2004-12-06   Modified: 2012-02-12

Description:
FreeS/WAN 1.x and 2.x, and other related products including superfreeswan 1.x, openswan 1.x before 1.0.6, openswan 2.x before 2.1.4, and strongSwan before 2.1.3, allow remote attackers to authenticate using spoofed PKCS#7 certificates in which a self-signed certificate identifies an alternate Certificate Authority (CA) and spoofed issuer and subject.

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score: 10/10
Impact Subscore: 10/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Affected software:
Strongswan -> Strongswan
Openswan -> Openswan
FreeS/WAN -> FreeS/WAN
FreeS/WAN -> Super FreeS/WAN

 References:
http://xforce.iss.net/xforce/xfdb/16515
http://www.openswan.org/support/vuln/can-2004-0590/
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:070
http://security.gentoo.org/glsa/glsa-200406-20.xml

Copyright 2024, cxsecurity.com
