Quagga RIPd 路由注入漏洞

漏洞信息详情

Quagga RIPd 路由注入漏洞

• CNNVD编号：CNNVD-200605-090
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2006-2224
  
• 漏洞类型：
  
  
  授权问题
  
• 发布时间：
  
  2006-05-05
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2006-05-08
  
• 厂        商：
  
  quagga
• 漏洞来源：
  Konstantin V. Gavr…

RIPd in Quagga 0.98和0.99 20060503之前版本的RIPd不能正确实施RIPv2认证要求，使得远程攻击者可以通过RIPv1 RESPONSE包修改路由状态。

目前厂商已经发布了升级补丁以修复这个安全问题，补丁下载链接：

Quagga Quagga Routing Software Suite 0.97.3

Ubuntu quagga-doc_0.97.3-1ubuntu1.1_all.debUbuntu 5.04 (Hoary Hedgehog)

http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.97.3

-1ubuntu1.1_all.deb

Ubuntu quagga_0.97.3-1ubuntu1.1_amd64.debUbuntu 5.04 (Hoary Hedgehog)

http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.97.3-1ub

untu1.1_amd64.deb

Ubuntu quagga_0.97.3-1ubuntu1.1_i386.debUbuntu 5.04 (Hoary Hedgehog)

http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.97.3-1ub

untu1.1_i386.deb

Ubuntu quagga_0.97.3-1ubuntu1.1_powerpc.debUbuntu 5.04 (Hoary Hedgehog)

http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.97.3-1ub

untu1.1_powerpc.deb

Quagga Quagga Routing Software Suite 0.98.5

Quagga Fixes for 0.98.x RIPd bugs 261 and 262

http://bugzilla.quagga.net/attachment.cgi?id=84&action=view

Quagga Quagga Routing Software Suite 0.99.3

Quagga Fixes for 0.99.x RIPd bugs 261 and 262

http://bugzilla.quagga.net/attachment.cgi?id=83&action=view

来源: BID

名称: 17808

链接:http://www.securityfocus.com/bid/17808

来源: SECUNIA

名称: 19910

链接:http://secunia.com/advisories/19910

来源: bugzilla.quagga.net

链接:http://bugzilla.quagga.net/show_bug.cgi?id=262

来源: BUGTRAQ

名称: 20060503 Quagga RIPD unauthenticated route injection

链接:http://www.securityfocus.com/archive/1/archive/1/432856/100/0/threaded

来源: BUGTRAQ

名称: 20060503 Re: Quagga RIPD unauthenticated route injection

链接:http://www.securityfocus.com/archive/1/archive/1/432823/100/0/threaded

来源: XF

名称: quagga-ripd-ripv1-response-security-bypass(26251)

链接:http://xforce.iss.net/xforce/xfdb/26251

来源: UBUNTU

名称: USN-284-1

链接:http://www.ubuntulinux.org/support/documentation/usn/usn-284-1

来源: REDHAT

名称: RHSA-2006:0533

链接:http://www.redhat.com/support/errata/RHSA-2006-0533.html

来源: REDHAT

名称: RHSA-2006:0525

链接:http://www.redhat.com/support/errata/RHSA-2006-0525.html

来源: OSVDB

名称: 25225

链接:http://www.osvdb.org/25225

来源: SUSE

名称: SUSE-SR:2006:017

链接:http://www.novell.com/linux/security/advisories/2006_17_sr.html

来源: GENTOO

名称: GLSA-200605-15

链接:http://www.gentoo.org/security/en/glsa/glsa-200605-15.xml

来源: DEBIAN

名称: DSA-1059

链接:http://www.debian.org/security/2006/dsa-1059

来源: SECTRACK

名称: 1016204

链接:http://securitytracker.com/id?1016204

来源: SECUNIA

名称: 21159

链接:http://secunia.com/advisories/21159

来源: SECUNIA

名称: 20782

链接:http://secunia.com/advisories/20782

来源: SECUNIA

名称: 20421

链接:http://secunia.com/advisories/20421

来源: SECUNIA

名称: 20420

链接:http://secunia.com/advisories/20420

来源: SECUNIA

名称: 20221

链接:http://secunia.com/advisories/20221

来源: SECUNIA

名称: 20138

链接:http://secunia.com/advisories/20138

来源: SECUNIA

名称: 20137

链接:http://secunia.com/advisories/20137

来源: SGI

名称: 20060602-01-U

链接:ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc