CVE-2004-0590

Sažetak

FreeS/WAN 1.x and 2.x, and other related products including superfreeswan 1.x, openswan 1.x before 1.0.6, openswan 2.x before 2.1.4, and strongSwan before 2.1.3, allows remote attackers to authenticate using spoofed PKCS#7 certificates in which a self-signed certificate identifies an alternate Certificate Authority (CA) and spoofed issuer and subject.

Reference

http://security.gentoo.org/glsa/glsa-200406-20.xml
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:070
http://www.openswan.org/support/vuln/can-2004-0590/
https://exchange.xforce.ibmcloud.com/vulnerabilities/16515

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

11-07-2017 - 01:30

Objavljeno

06-12-2004 - 05:00