CVE-2004-0590

Name of the Vulnerable Software and Affected Versions FreeS/WAN versions 1.x through 2.x superfreeswan versions 1.x openswan versions 1.x through 1.0.5 openswan versions 2.x through 2.1.3 strongSwan versions prior to 2.1.3

Description The issue allows remote attackers to authenticate using spoofed PKCS#7 certificates. This is achieved by using a self-signed certificate that identifies an alternate Certificate Authority (CA) and includes spoofed issuer and subject information.

Recommendations For FreeS/WAN versions 1.x and 2.x, update to a version that includes the fix for this issue. For superfreeswan version 1.x, consider disabling the use of PKCS#7 certificates until a patch is available. For openswan versions 1.x through 1.0.5 and 2.x through 2.1.3, update to version 1.0.6 or 2.1.4, respectively. For strongSwan versions prior to 2.1.3, update to version 2.1.3 or later.