Vulnerability Details : CVE-2006-2224
Potential exploit
RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly enforce RIPv2 authentication requirements, which allows remote attackers to modify routing state via RIPv1 RESPONSE packets.
Products affected by CVE-2006-2224
- cpe:2.3:a:quagga:quagga_routing_software_suite:*:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga_routing_software_suite:0.96.2:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga_routing_software_suite:0.95:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga_routing_software_suite:0.98.5:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga_routing_software_suite:0.96.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-2224
17.93%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 95 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-2224
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2006-2224
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: nvd@nist.gov (Primary)
References for CVE-2006-2224
-
http://securitytracker.com/id?1016204
Access Denied
-
http://secunia.com/advisories/20221
About Secunia Research | FlexeraVendor Advisory
-
http://secunia.com/advisories/20137
About Secunia Research | FlexeraVendor Advisory
-
http://secunia.com/advisories/21159
About Secunia Research | FlexeraVendor Advisory
-
ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc
-
http://www.gentoo.org/security/en/glsa/glsa-200605-15.xml
Quagga Routing Suite: Multiple vulnerabilities (GLSA 200605-15) — Gentoo security
-
http://secunia.com/advisories/20420
About Secunia Research | FlexeraVendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/26251
Quagga RIPd RIPv1 RESPONSE route injection security bypass CVE-2006-2224 Vulnerability Report
-
http://secunia.com/advisories/20782
About Secunia Research | FlexeraVendor Advisory
-
http://www.securityfocus.com/archive/1/432823/100/0/threaded
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10775
404 Not Found
-
http://secunia.com/advisories/19910
About Secunia Research | FlexeraPatch;Vendor Advisory
-
http://www.redhat.com/support/errata/RHSA-2006-0525.html
Support
-
http://www.osvdb.org/25225
404 Not Found
-
http://secunia.com/advisories/20138
About Secunia Research | FlexeraVendor Advisory
-
http://www.securityfocus.com/bid/17808
Exploit;Patch
-
http://www.securityfocus.com/archive/1/432856/100/0/threaded
-
http://www.redhat.com/support/errata/RHSA-2006-0533.html
Support
-
http://bugzilla.quagga.net/show_bug.cgi?id=262
Patch
-
http://www.novell.com/linux/security/advisories/2006_17_sr.html
404 Page Not Found | SUSE
-
http://www.debian.org/security/2006/dsa-1059
[SECURITY] [DSA 1059-1] New quagga packages fix several vulnerabilities
-
http://secunia.com/advisories/20421
About Secunia Research | FlexeraVendor Advisory
-
https://usn.ubuntu.com/284-1/
404: Page not found | Ubuntu
Jump to