CVE-2006-2224

Quagga Routing Software Suite 0.9x - RIPd RIPv1 RESPONSE Packet Route Injection

Severity Score

5.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly enforce RIPv2 authentication requirements, which allows remote attackers to modify routing state via RIPv1 RESPONSE packets.

RIPd en Quagga 0.98 y 0.99 anteriores a 20060503 no imponen adecuadamente los requerimientos de autenticación de de RIPv2, lo que permite a atacantes remotos modificar el estado de encaminamiento mediante paquetes RIPv1 "RESPONSE".

*Credits: N/A

CVSS Scores

NISTv2 5.0

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2006-05-03 First Exploit
2006-05-05 CVE Reserved
2006-05-05 CVE Published
2024-08-07 CVE Updated
2024-08-24 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-287: Improper Authentication

CAPEC

References (26)

URL	Tag	Source
http://securitytracker.com/id?1016204	Vdb Entry
http://www.osvdb.org/25225	Vdb Entry
http://www.securityfocus.com/archive/1/432823/100/0/threaded	Mailing List
http://www.securityfocus.com/archive/1/432856/100/0/threaded	Mailing List
https://exchange.xforce.ibmcloud.com/vulnerabilities/26251	Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10775	Signature

URL	Date	SRC
https://www.exploit-db.com/exploits/27802	2006-05-03
http://www.securityfocus.com/bid/17808	2024-08-07

URL	Date	SRC
http://bugzilla.quagga.net/show_bug.cgi?id=262	2018-10-18
http://secunia.com/advisories/19910	2018-10-18

URL	Date	SRC
ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc	2018-10-18
http://secunia.com/advisories/20137	2018-10-18
http://secunia.com/advisories/20138	2018-10-18
http://secunia.com/advisories/20221	2018-10-18
http://secunia.com/advisories/20420	2018-10-18
http://secunia.com/advisories/20421	2018-10-18
http://secunia.com/advisories/20782	2018-10-18
http://secunia.com/advisories/21159	2018-10-18
http://www.debian.org/security/2006/dsa-1059	2018-10-18
http://www.gentoo.org/security/en/glsa/glsa-200605-15.xml	2018-10-18
http://www.novell.com/linux/security/advisories/2006_17_sr.html	2018-10-18
http://www.redhat.com/support/errata/RHSA-2006-0525.html	2018-10-18
http://www.redhat.com/support/errata/RHSA-2006-0533.html	2018-10-18
https://usn.ubuntu.com/284-1	2018-10-18
https://access.redhat.com/security/cve/CVE-2006-2224	2006-06-01
https://bugzilla.redhat.com/show_bug.cgi?id=1618092	2006-06-01

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Quagga Search vendor "Quagga"		Quagga Routing Software Suite Search vendor "Quagga" for product "Quagga Routing Software Suite"				<= 0.99.3 Search vendor "Quagga" for product "Quagga Routing Software Suite" and version " <= 0.99.3"		-		Affected
Quagga Search vendor "Quagga"		Quagga Routing Software Suite Search vendor "Quagga" for product "Quagga Routing Software Suite"				0.95 Search vendor "Quagga" for product "Quagga Routing Software Suite" and version "0.95"		-		Affected
Quagga Search vendor "Quagga"		Quagga Routing Software Suite Search vendor "Quagga" for product "Quagga Routing Software Suite"				0.96.2 Search vendor "Quagga" for product "Quagga Routing Software Suite" and version "0.96.2"		-		Affected
Quagga Search vendor "Quagga"		Quagga Routing Software Suite Search vendor "Quagga" for product "Quagga Routing Software Suite"				0.96.3 Search vendor "Quagga" for product "Quagga Routing Software Suite" and version "0.96.3"		-		Affected
Quagga Search vendor "Quagga"		Quagga Routing Software Suite Search vendor "Quagga" for product "Quagga Routing Software Suite"				0.98.5 Search vendor "Quagga" for product "Quagga Routing Software Suite" and version "0.98.5"		-		Affected