CVE Vulnerabilities

CVE-2006-2224

Improper Authentication

Published: May 05, 2006 | Modified: Oct 18, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly enforce RIPv2 authentication requirements, which allows remote attackers to modify routing state via RIPv1 RESPONSE packets.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Quagga_routing_software_suite Quagga 0.98.5 0.98.5
Quagga_routing_software_suite Quagga 0.96.3 0.96.3
Quagga_routing_software_suite Quagga 0.95 0.95
Quagga_routing_software_suite Quagga 0.96.2 0.96.2
Quagga_routing_software_suite Quagga * 0.99.3

Potential Mitigations

References