CVE-2006-2223

Quagga 0.98-0.99 - Unauthenticated Routing State Exposure via RIPv1 REQUEST Packets

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-2223. PoCs published by Konstantin V. Gavrilenko.

AI-analyzed exploit summary This exploit leverages Quagga's failure to enforce authentication and protocol configuration, allowing remote attackers to inject arbitrary routes into the RIP routing table via a crafted UDP packet sent to port 520.

Description

RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly implement configurations that (1) disable RIPv1 or (2) require plaintext or MD5 authentication, which allows remote attackers to obtain sensitive information (routing state) via REQUEST packets such as SEND UPDATE.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Konstantin V. Gavrilenko · textremotelinux
https://www.exploit-db.com/exploits/27801

This exploit leverages Quagga's failure to enforce authentication and protocol configuration, allowing remote attackers to inject arbitrary routes into the RIP routing table via a crafted UDP packet sent to port 520.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Quagga versions 0.98.5 and 0.99.3
No auth needed
Prerequisites: Network access to the target system · Quagga running with RIP enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (23)

Core 23
Core References
Vendor Advisory vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2006_17_sr.html
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/284-1/
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/26243
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20782
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20138
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/432823/100/0/threaded
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20421
Vendor Advisory vendor-advisory x_refsource_sgi
ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/25224
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2006-0525.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20137
Issue Tracking x_refsource_confirm
http://bugzilla.quagga.net/show_bug.cgi?id=261
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1016204
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19910
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9985
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/17808
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2006-0533.html
Third Party Advisory vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200605-15.xml
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/21159
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/432822/100/0/threaded
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2006/dsa-1059
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20221
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20420

Scores

EPSS 0.1128
EPSS Percentile 95.4%

Details

CWE
CWE-20
Status published
Products (2)
quagga/quagga 0.98.5
quagga/quagga 0.99.3
Published May 05, 2006
Tracked Since Feb 18, 2026