CVE-2006-2224

Quagga Routing Software Suite < 0.99.3 - Authentication Bypass

Title source: rule

Description

RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly enforce RIPv2 authentication requirements, which allows remote attackers to modify routing state via RIPv1 RESPONSE packets.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Konstantin V. Gavrilenko · textremotelinux

https://www.exploit-db.com/exploits/27802

View Code ZIP pw:eip

References (23)

[Patch] http://bugzilla.quagga.net/show_bug.cgi?id=262

[Patch, Vendor Advisory] http://secunia.com/advisories/19910

[Vendor Advisory] http://secunia.com/advisories/20137

[Vendor Advisory] http://secunia.com/advisories/20138

[Vendor Advisory] http://secunia.com/advisories/20221

[Vendor Advisory] http://secunia.com/advisories/20420

[Vendor Advisory] http://secunia.com/advisories/20421

[Vendor Advisory] http://secunia.com/advisories/20782

[Vendor Advisory] http://secunia.com/advisories/21159

[Third Party Advisory] http://www.gentoo.org/security/en/glsa/glsa-200605-15.xml

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2006-0525.html

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2006-0533.html

[Exploit, Patch] http://www.securityfocus.com/bid/17808

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/26251

[Vendor Advisory] https://usn.ubuntu.com/284-1/

[Vendor Advisory] ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc

[Vendor Advisory] http://www.novell.com/linux/security/advisories/2006_17_sr.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/432823/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/432856/100/0/threaded

[Third Party Advisory] http://www.debian.org/security/2006/dsa-1059

... and 3 more

Scores

EPSS 0.2018

EPSS Percentile 95.4%

Classification

CWE

CWE-287

Status draft

Affected Products (5)

quagga/quagga_routing_software_suite < 0.99.3

quagga/quagga_routing_software_suite

Timeline

Published May 05, 2006

Tracked Since Feb 18, 2026