LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

quagga: multiple vulnerabilities

Package(s):quagga CVE #(s):CVE-2006-2223 CVE-2006-2224 CVE-2006-2276
Created:May 15, 2006 Updated:July 24, 2006
Description: Paul Jakma discovered that Quagga's ripd daemon did not properly handle authentication of RIPv1 requests. If the RIPv1 protocol had been disabled, or authentication for RIPv2 had been enabled, ripd still replied to RIPv1 requests, which could lead to information disclosure. (CVE-2006-2223)

Paul Jakma also noticed that ripd accepted unauthenticated RIPv1 response packets if RIPv2 was configured to require authentication and both protocols were allowed. A remote attacker could exploit this to inject arbitrary routes. (CVE-2006-2224)

Fredrik Widell discovered that Quagga did not properly handle certain invalid 'sh ip bgp' commands. By sending special commands to Quagga, a remote attacker with telnet access to the Quagga server could exploit this to trigger an endless loop in the daemon (Denial of Service). (CVE-2006-2276)

Alerts:
Fedora FEDORA-2006-845 2006-07-22
Fedora FEDORA-2006-843 2006-07-22
Red Hat RHSA-2006:0533-01 2006-06-01
Red Hat RHSA-2006:0525-01 2006-06-01
Gentoo 200605-15 2006-05-21
Debian DSA-1059-1 2006-05-19
Ubuntu USN-284-1 2006-05-15
(Log in to post comments)

quagga: multiple vulnerabilities

Posted May 18, 2006 6:38 UTC (Thu) by paulj (subscriber, #341) [Link]

Corrections, for the record:

I, Paul Jakma, did not notice the RIP problems, it was Konstantin V. Gavrilenko of Arhont. Who then reported them to myself and the other Quagga maintainers. I fixed the issues, with assistance from Konstantin in testing proposed fixes against the issues he had reported.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds