Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2224

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-2224
Last Modified 31 Mar 2011 12:00:00
Published 05 May 2006 03:02:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2224

Summary

RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly enforce RIPv2 authentication requirements, which allows remote attackers to modify routing state via RIPv1 RESPONSE packets.

Vulnerable Systems

Application

  • Quagga Routing Software Suite 0.95

  • Quagga Routing Software Suite 0.96.2

  • Quagga Routing Software Suite 0.96.3

  • Quagga Routing Software Suite 0.98.5

  • Quagga Routing Software Suite 0.99.3


References

BID - 17808

SECUNIA - 19910

CONFIRM - http://bugzilla.quagga.net/show_bug.cgi?id=262

XF - quagga-ripd-ripv1-response-security-bypass(26251)

UBUNTU - USN-284-1

BUGTRAQ - 20060503 Quagga RIPD unauthenticated route injection

BUGTRAQ - 20060503 Re: Quagga RIPD unauthenticated route injection

REDHAT - RHSA-2006:0533

REDHAT - RHSA-2006:0525

OSVDB - 25225

SUSE - SUSE-SR:2006:017

GENTOO - GLSA-200605-15

DEBIAN - DSA-1059

SECTRACK - 1016204

SECUNIA - 21159

SECUNIA - 20782

SECUNIA - 20421

SECUNIA - 20420

SECUNIA - 20221

SECUNIA - 20138

SECUNIA - 20137

SGI - 20060602-01-U


Last Updated: 27 May 2016 10:42:23