CVE-2006-2224 – Quagga Routing Software Suite 0.9x - RIPd RIPv1 RESPONSE Packet Route Injection
https://notcve.org/view.php?id=CVE-2006-2224
RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly enforce RIPv2 authentication requirements, which allows remote attackers to modify routing state via RIPv1 RESPONSE packets. RIPd en Quagga 0.98 y 0.99 anteriores a 20060503 no imponen adecuadamente los requerimientos de autenticación de de RIPv2, lo que permite a atacantes remotos modificar el estado de encaminamiento mediante paquetes RIPv1 "RESPONSE". • https://www.exploit-db.com/exploits/27802 ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc http://bugzilla.quagga.net/show_bug.cgi?id=262 http://secunia.com/advisories/19910 http://secunia.com/advisories/20137 http://secunia.com/advisories/20138 http://secunia.com/advisories/20221 http://secunia.com/advisories/20420 http://secunia.com/advisories/20421 http://secunia.com/advisories/20782 http://secunia.com/advisories/21159 http://securitytracker.com • CWE-287: Improper Authentication •
CVE-2003-0858
https://notcve.org/view.php?id=CVE-2003-0858
Zebra 0.93b and earlier, and quagga before 0.95, allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface. Zebra anteriores a 0.91 y quagga anteriores a 0.95 permite a usuarios locales causar una denegación de servicio enviando mensajes suplantando a otros usuarios al interfaz del kernel netlink. • http://secunia.com/advisories/10563 http://www.debian.org/security/2004/dsa-415 http://www.redhat.com/support/errata/RHSA-2003-305.html http://www.redhat.com/support/errata/RHSA-2003-307.html http://www.redhat.com/support/errata/RHSA-2003-315.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10169 https://access.redhat.com/security/cve/CVE-2003-0858 https://bugzilla.redhat.com/show_bug.cgi?id=1617096 • CWE-399: Resource Management Errors •