漏洞信息详情
Quagga RIPd 路由注入漏洞
- CNNVD编号:CNNVD-200605-090
- 危害等级: 低危
- CVE编号: CVE-2006-2224
- 漏洞类型: 授权问题
- 发布时间: 2006-05-05
- 威胁类型: 远程
- 更新时间: 2006-05-08
- 厂 商: quagga
- 漏洞来源: Konstantin V. Gavr...
漏洞简介
RIPd in Quagga 0.98和0.99 20060503之前版本的RIPd不能正确实施RIPv2认证要求,使得远程攻击者可以通过RIPv1 RESPONSE包修改路由状态。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
Quagga Quagga Routing Software Suite 0.97.3
Ubuntu quagga-doc_0.97.3-1ubuntu1.1_all.debUbuntu 5.04 (Hoary HEdgehog)
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.97.3
-1ubuntu1.1_all.deb
Ubuntu quagga_0.97.3-1ubuntu1.1_amd64.debUbuntu 5.04 (Hoary HEdgehog)
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.97.3-1ub
untu1.1_amd64.deb
Ubuntu quagga_0.97.3-1ubuntu1.1_i386.debUbuntu 5.04 (Hoary HEdgehog)
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.97.3-1ub
untu1.1_i386.deb
Ubuntu quagga_0.97.3-1ubuntu1.1_powerpc.debUbuntu 5.04 (Hoary HEdgehog)
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.97.3-1ub
untu1.1_powerpc.deb
Quagga Quagga Routing Software Suite 0.98.5
Quagga Fixes for 0.98.x RIPd bugs 261 and 262
http://bugzilla.quagga.net/attachment.cgi?id=84&action=view
Quagga Quagga Routing Software Suite 0.99.3
Quagga Fixes for 0.99.x RIPd bugs 261 and 262
http://bugzilla.quagga.net/attachment.cgi?id=83&action=view
参考网址
来源: BID
名称: 17808
链接:http://www.securityfocus.com/bid/17808
来源: SECUNIA
名称: 19910
链接:http://secunia.com/advisories/19910
来源: bugzilla.quagga.net
链接:http://bugzilla.quagga.net/show_bug.cgi?id=262
来源: BUGTRAQ
名称: 20060503 Quagga RIPD unauthenticated route injection
链接:http://www.securityfocus.com/archive/1/archive/1/432856/100/0/threaded
来源: BUGTRAQ
名称: 20060503 Re: Quagga RIPD unauthenticated route injection
链接:http://www.securityfocus.com/archive/1/archive/1/432823/100/0/threaded
来源: XF
名称: quagga-ripd-ripv1-response-security-bypass(26251)
链接:http://xforce.iss.net/xforce/xfdb/26251
来源: UBUNTU
名称: USN-284-1
链接:http://www.ubuntulinux.org/support/documentation/usn/usn-284-1
来源: REDHAT
名称: RHSA-2006:0533
链接:http://www.redhat.com/support/errata/RHSA-2006-0533.HTML
来源: REDHAT
名称: RHSA-2006:0525
链接:http://www.redhat.com/support/errata/RHSA-2006-0525.HTML
来源: OSVDB
名称: 25225
链接:http://www.osvdb.org/25225
来源: SUSE
名称: SUSE-SR:2006:017
链接:http://www.novell.com/linux/security/advisories/2006_17_sr.HTML
来源: GENTOO
名称: GLSA-200605-15
链接:http://www.gentoo.org/security/en/glsa/glsa-200605-15.xml
来源: DEBIAN
名称: DSA-1059
链接:http://www.debian.org/security/2006/dsa-1059
来源: SECTRACK
名称: 1016204
链接:http://securitytracker.com/id?1016204
来源: SECUNIA
名称: 21159
链接:http://secunia.com/advisories/21159
来源: SECUNIA
名称: 20782
链接:http://secunia.com/advisories/20782
来源: SECUNIA
名称: 20421
链接:http://secunia.com/advisories/20421
来源: SECUNIA
名称: 20420
链接:http://secunia.com/advisories/20420
来源: SECUNIA
名称: 20221
链接:http://secunia.com/advisories/20221
来源: SECUNIA
名称: 20138
链接:http://secunia.com/advisories/20138
来源: SECUNIA
名称: 20137
链接:http://secunia.com/advisories/20137
来源: SGI
名称: 20060602-01-U
链接:ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc
受影响实体
- Quagga Quagga_routing_software_suite:0.99.3
- Quagga Quagga_routing_software_suite:0.98.5
- Quagga Quagga_routing_software_suite:0.96.3
- Quagga Quagga_routing_software_suite:0.96.2
- Quagga Quagga_routing_software_suite:0.95
补丁
暂无
评论