Vulnerability Description
RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly enforce RIPv2 authentication requirements, which allows remote attackers to modify routing state via RIPv1 RESPONSE packets.
CVSS Score
5.0
MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Quagga | Quagga Routing Software Suite | <= 0.99.3 |
Related Weaknesses (CWE)
References
- ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc
- http://bugzilla.quagga.net/show_bug.cgi?id=262Patch
- http://secunia.com/advisories/19910PatchVendor Advisory
- http://secunia.com/advisories/20137Vendor Advisory
- http://secunia.com/advisories/20138Vendor Advisory
- http://secunia.com/advisories/20221Vendor Advisory
- http://secunia.com/advisories/20420Vendor Advisory
- http://secunia.com/advisories/20421Vendor Advisory
- http://secunia.com/advisories/20782Vendor Advisory
- http://secunia.com/advisories/21159Vendor Advisory
- http://securitytracker.com/id?1016204
- http://www.debian.org/security/2006/dsa-1059
- http://www.gentoo.org/security/en/glsa/glsa-200605-15.xml
- http://www.novell.com/linux/security/advisories/2006_17_sr.html
- http://www.osvdb.org/25225
FAQ
What is CVE-2006-2224?
CVE-2006-2224 is a vulnerability with a CVSS score of 5.0 (MEDIUM). RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly enforce RIPv2 authentication requirements, which allows remote attackers to modify routing state via RIPv1 RESPONSE packets.
How severe is CVE-2006-2224?
CVE-2006-2224 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-2224?
Check the references section above for vendor advisories and patch information. Affected products include: Quagga Quagga Routing Software Suite.