Red Hat Bugzilla – Bug 126568
CAN-2004-0607 racoon authentication bug
Last modified: 2014-03-16 22:46:19 EDT
Reported to bugtraq on Jun15 an issue that affects all versions of
racoon due to the poor verification of x509 certificates in the
OpenSSL callback. See:
This is fixed in 0.3.3 by splitting the callback; this fix will need
backported to 0.2.2 as shipped with RHEL3.
Affects: 3AS 3WS 3ES 3Desktop
An errata has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.