CVE-2006-2224

Description

RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly enforce RIPv2 authentication requirements, which allows remote attackers to modify routing state via RIPv1 RESPONSE packets.

How to fix CVE-2006-2224

To remediate CVE-2006-2224, upgrade the affected package to a fixed version below.

• Debian/quagga—upgrade to 0.99.3-2 or later

Is CVE-2006-2224 being exploited?

Moderate — EPSS is 20.2%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

• from 0, < 0.99.3-2

References (23)

• ADVISORYpatches.sgi.com/support/free/security/advisories/20060602-01-U.asc
• ADVISORYsecunia.com/advisories/20137
• ADVISORYsecunia.com/advisories/20138
• ADVISORYsecunia.com/advisories/20221
• ADVISORYsecunia.com/advisories/20420