CVE-2006-2224

Quagga Routing Software Suite < 0.99.3 - Unauthenticated Routing State Modification via RIPv1 RESPONSE Packets

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-2224. PoCs published by Konstantin V. Gavrilenko.

AI-analyzed exploit summary This exploit leverages Quagga's failure to enforce authentication and protocol configuration, allowing remote attackers to inject arbitrary routes into the RIP routing table via a crafted UDP packet sent to port 520.

Description

RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly enforce RIPv2 authentication requirements, which allows remote attackers to modify routing state via RIPv1 RESPONSE packets.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Konstantin V. Gavrilenko · textremotelinux
https://www.exploit-db.com/exploits/27802

This exploit leverages Quagga's failure to enforce authentication and protocol configuration, allowing remote attackers to inject arbitrary routes into the RIP routing table via a crafted UDP packet sent to port 520.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Quagga versions 0.98.5 and 0.99.3
No auth needed
Prerequisites: Network access to the target system · Quagga running with RIP enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (23)

Core 23
Core References
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/284-1/
Vendor Advisory vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2006_17_sr.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/26251
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20782
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10775
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20138
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/432823/100/0/threaded
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20421
Vendor Advisory vendor-advisory x_refsource_sgi
ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2006-0525.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/25225
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20137
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1016204
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19910
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/17808
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2006-0533.html
Third Party Advisory vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200605-15.xml
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/21159
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/432856/100/0/threaded
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2006/dsa-1059
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20221
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20420

Scores

EPSS 0.1036
EPSS Percentile 95.1%

Details

CWE
CWE-287
Status published
Products (5)
quagga/quagga_routing_software_suite 0.95
quagga/quagga_routing_software_suite 0.96.2
quagga/quagga_routing_software_suite 0.96.3
quagga/quagga_routing_software_suite 0.98.5
quagga/quagga_routing_software_suite < 0.99.3
Published May 05, 2006
Tracked Since Feb 18, 2026