Red Hat Bugzilla – Bug 191085
CVE-2006-2224 Quagga RIPd route injection
Last modified: 2014-08-31 19:28:17 EDT
Quagga RIPd route injection
RIPd in Quagga accepts RIPv1 RESPONSE when RIPv2 authentication is enabled. This condition is possible unless RIPv2 only is specified in
the RIPd configuration. This flaw could allow a remote attacker to
inject a route via RIPv1 RESPONSE packets.
This issue also affects FC4
quagga-0.98.6-1.FC5 has been pushed for fc5, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report.