Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-284-1
HistoryMay 16, 2006 - 12:00 a.m.

Quagga vulnerabilities

2006-05-1600:00:00
ubuntu.com
32

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.9 Medium

AI Score

Confidence

Low

0.125 Low

EPSS

Percentile

95.5%

JSON

Releases

  • Ubuntu 5.10
  • Ubuntu 5.04

Details

Paul Jakma discovered that Quagga’s ripd daemon did not properly
handle authentication of RIPv1 requests. If the RIPv1 protocol had
been disabled, or authentication for RIPv2 had been enabled, ripd
still replied to RIPv1 requests, which could lead to information
disclosure. (CVE-2006-2223)

Paul Jakma also noticed that ripd accepted unauthenticated RIPv1
response packets if RIPv2 was configured to require authentication and
both protocols were allowed. A remote attacker could exploit this to
inject arbitrary routes. (CVE-2006-2224)

Fredrik Widell discovered that Quagga did not properly handle certain
invalid ‘sh ip bgp’ commands. By sending special commands to Quagga, a
remote attacker with telnet access to the Quagga server could exploit
this to trigger an endless loop in the daemon (Denial of Service).
(CVE-2006-2276)

OSVersionArchitecturePackageVersionFilename
Ubuntu5.10noarchquagga< *UNKNOWN
Ubuntu5.04noarchquagga< *UNKNOWN

Related

nessus 10
centos 2
osv 1
openvas 4
redhat 2
gentoo 1
debian 2
debiancve 3
nvd 4
ubuntucve 3
cvelist 3
prion 3
cve 4
nessus
nessus
RHEL 3 / 4 : quagga (RHSA-2006:0525)
2006-06-05 00:00:00
Ubuntu 5.04 / 5.10 : quagga vulnerabilities (USN-284-1)
2006-05-16 00:00:00
RHEL 2.1 : zebra (RHSA-2006:0533)
2006-06-05 00:00:00
centos
centos
quagga security update
2006-06-01 18:15:40
zebra security update
2006-06-04 23:49:28
osv
osv
quagga - several
2006-05-19 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-1059-1)
2008-01-17 00:00:00
Gentoo Security Advisory GLSA 200605-15 (quagga)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200605-15 (quagga)
2008-09-24 00:00:00
redhat
redhat
(RHSA-2006:0525) quagga security update
2006-06-01 00:00:00
(RHSA-2006:0533) zebra security update
2006-06-01 00:00:00
gentoo
gentoo
Quagga Routing Suite: Multiple vulnerabilities
2006-05-21 00:00:00
debian
debian
[SECURITY] [DSA 1059-1] New quagga packages fix several vulnerabilities
2006-05-19 15:46:52
[SECURITY] [DSA 1059-1] New quagga packages fix several vulnerabilities
2006-05-19 15:46:52
debiancve
debiancve
CVE-2006-2223
2006-05-05 19:02:00
CVE-2006-2224
2006-05-05 19:02:00
CVE-2006-2276
2006-05-10 02:14:00
nvd
nvd
CVE-2006-2223
2006-05-05 19:02:00
CVE-2006-2276
2006-05-10 02:14:00
CVE-2006-2224
2006-05-05 19:02:00
ubuntucve
ubuntucve
CVE-2006-2224
2006-05-05 00:00:00
CVE-2006-2276
2006-05-10 00:00:00
CVE-2006-2223
2006-05-05 00:00:00
cvelist
cvelist
CVE-2006-2224
2006-05-05 19:00:00
CVE-2006-2223
2006-05-05 19:00:00
CVE-2006-2276
2006-05-09 23:00:00
prion
prion
Authentication flaw
2006-05-05 19:02:00
Authentication flaw
2006-05-05 19:02:00
Design/Logic Flaw
2006-05-10 02:14:00
cve
cve
CVE-2006-2223
2006-05-05 19:02:00
CVE-2006-2224
2006-05-05 19:02:00
CVE-2006-2276
2006-05-10 02:14:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.9 Medium

AI Score

Confidence

Low

0.125 Low

EPSS

Percentile

95.5%

JSON
Related for USN-284-1
nessus10centos2osv1openvas4redhat2gentoo1debian2debiancve3nvd4ubuntucve3cvelist3prion3cve4