CVE-2006-2224
published 2006-05-05CVE-2006-2224: RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly enforce RIPv2 authentication requirements, which allows remote attackers to modify routing state…
PriorityP343medium5CVSS 2.0
AVNACLAuNCNIPAN
EXPLOIT
EPSS
10.36%
95.1th percentile
RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly enforce RIPv2 authentication requirements, which allows remote attackers to modify routing state via RIPv1 RESPONSE packets.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| quagga | quagga | >= 0 < 0.99.3-2 | 0.99.3-2 |
| quagga | quagga_routing_software_suite | <= 0.99.3 | — |
| quagga | quagga_routing_software_suite | — | — |
| quagga | quagga_routing_software_suite | — | — |
| quagga | quagga_routing_software_suite | — | — |
| quagga | quagga_routing_software_suite | — | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:N
osv5.0MEDIUM
vendor_redhat5.0MEDIUM
vendor_ubuntu5.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
Quagga vulnerabilities
vendor_ubuntu·2006-05-16·CVSS 5.0
CVE-2006-2276 [MEDIUM] Quagga vulnerabilities
Title: Quagga vulnerabilities
Summary: Quagga vulnerabilities
Paul Jakma discovered that Quagga's ripd daemon did not properly
handle authentication of RIPv1 requests. If the RIPv1 protocol had
been disabled, or authentication for RIPv2 had been enabled, ripd
still replied to RIPv1 requests, which could lead to information
disclosure. (CVE-2006-2223)
Paul Jakma also noticed that ripd accepted unauthenticated RIPv1
response packets if RIPv2 was configured to require authentication and
both protocols were allowed. A remote attacker could exploit this to
inject arbitrary routes. (CVE-2006-2224)
Fredrik Widell discovered that Quagga did not properly handle certain
invalid 'sh ip bgp' commands. By sending special commands to Quagga, a
remote attacker with telnet access to the Quagga server
Red Hat
security flaw
vendor_redhat·2006-05-03·CVSS 5.0
CVE-2006-2224 [MEDIUM] security flaw
security flaw
RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly enforce RIPv2 authentication requirements, which allows remote attackers to modify routing state via RIPv1 RESPONSE packets.
GHSA
GHSA-mj28-wp87-qqjj: RIPd in Quagga 0
ghsa_unreviewed·2022-05-03
CVE-2006-2224 [MEDIUM] CWE-287 GHSA-mj28-wp87-qqjj: RIPd in Quagga 0
RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly enforce RIPv2 authentication requirements, which allows remote attackers to modify routing state via RIPv1 RESPONSE packets.
OSV
CVE-2006-2224: RIPd in Quagga 0
osv·2006-05-05·CVSS 5.0
CVE-2006-2224 [MEDIUM] CVE-2006-2224: RIPd in Quagga 0
RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly enforce RIPv2 authentication requirements, which allows remote attackers to modify routing state via RIPv1 RESPONSE packets.
No detection rules found.
Bugzilla
CVE-2006-2224 security flaw
bugzilla·2018-08-16·CVSS 5.0
CVE-2006-2224 [MEDIUM] CVE-2006-2224 security flaw
CVE-2006-2224 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly enforce RIPv2 authentication requirements, which allows remote attackers to modify routing state via RIPv1 RESPONSE packets.
Bugzilla
CVE-2006-2224 zebra RIPd route injection
bugzilla·2006-05-22·CVSS 5.0
CVE-2006-2224 [MEDIUM] CVE-2006-2224 zebra RIPd route injection
CVE-2006-2224 zebra RIPd route injection
RIPd in Quagga accepts RIPv1 RESPONSE when RIPv2 authentication is
enabled. This condition is possible unless RIPv2 only is specified in
the RIPd configuration. This flaw could allow a remote attacker to
inject a route via RIPv1 RESPONSE packets.
http://bugzilla.quagga.net/show_bug.cgi?id=262
This issue also affects zebra.
Discussion:
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
http://rhn.redhat.com/errata/RHSA-2006-0533.html
Bugzilla
CVE-2006-2224 Quagga RIPd route injection
bugzilla·2006-05-08·CVSS 5.0
CVE-2006-2224 [MEDIUM] CVE-2006-2224 Quagga RIPd route injection
CVE-2006-2224 Quagga RIPd route injection
Quagga RIPd route injection
RIPd in Quagga accepts RIPv1 RESPONSE when RIPv2 authentication is enabled. This condition is possible unless RIPv2 only is specified in
the RIPd configuration. This flaw could allow a remote attacker to
inject a route via RIPv1 RESPONSE packets.
http://bugzilla.quagga.net/show_bug.cgi?id=262
This issue also affects FC4
Discussion:
quagga-0.98.6-1.FC5 has been pushed for fc5, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report.
Bugzilla
CVE-2006-2224 Quagga RIPd route injection
bugzilla·2006-05-08·CVSS 5.0
CVE-2006-2224 [MEDIUM] CVE-2006-2224 Quagga RIPd route injection
CVE-2006-2224 Quagga RIPd route injection
Quagga RIPd route injection
RIPd in Quagga accepts RIPv1 RESPONSE when RIPv2 authentication is enabled. This condition is possible unless RIPv2 only is specified in
the RIPd configuration. This flaw could allow a remote attacker to
inject a route via RIPv1 RESPONSE packets.
http://bugzilla.quagga.net/show_bug.cgi?id=262
This issue also affects RHEL3
Discussion:
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
http://rhn.redhat.com/errata/RHSA-2006-0525.html
ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.aschttp://bugzilla.quagga.net/show_bug.cgi?id=262http://secunia.com/advisories/19910http://secunia.com/advisories/20137http://secunia.com/advisories/20138http://secunia.com/advisories/20221http://secunia.com/advisories/20420http://secunia.com/advisories/20421http://secunia.com/advisories/20782http://secunia.com/advisories/21159http://securitytracker.com/id?1016204http://www.debian.org/security/2006/dsa-1059http://www.gentoo.org/security/en/glsa/glsa-200605-15.xmlhttp://www.novell.com/linux/security/advisories/2006_17_sr.htmlhttp://www.osvdb.org/25225http://www.redhat.com/support/errata/RHSA-2006-0525.htmlhttp://www.redhat.com/support/errata/RHSA-2006-0533.htmlhttp://www.securityfocus.com/archive/1/432823/100/0/threadedhttp://www.securityfocus.com/archive/1/432856/100/0/threadedhttp://www.securityfocus.com/bid/17808https://exchange.xforce.ibmcloud.com/vulnerabilities/26251https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10775https://usn.ubuntu.com/284-1/ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.aschttp://bugzilla.quagga.net/show_bug.cgi?id=262http://secunia.com/advisories/19910http://secunia.com/advisories/20137http://secunia.com/advisories/20138http://secunia.com/advisories/20221http://secunia.com/advisories/20420http://secunia.com/advisories/20421http://secunia.com/advisories/20782http://secunia.com/advisories/21159http://securitytracker.com/id?1016204http://www.debian.org/security/2006/dsa-1059http://www.gentoo.org/security/en/glsa/glsa-200605-15.xmlhttp://www.novell.com/linux/security/advisories/2006_17_sr.htmlhttp://www.osvdb.org/25225http://www.redhat.com/support/errata/RHSA-2006-0525.htmlhttp://www.redhat.com/support/errata/RHSA-2006-0533.htmlhttp://www.securityfocus.com/archive/1/432823/100/0/threadedhttp://www.securityfocus.com/archive/1/432856/100/0/threadedhttp://www.securityfocus.com/bid/17808https://exchange.xforce.ibmcloud.com/vulnerabilities/26251https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10775https://usn.ubuntu.com/284-1/
2006-05-05
Published