Test ID:	1.3.6.1.4.1.25623.1.0.59354
Category:	Fedora Local Security Checks
Title:	Fedora Core 5 FEDORA-2006-845 (quagga)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to quagga announced via advisory FEDORA-2006-845. Quagga is a free software that manages TCP/IP based routing protocol. It takes multi-server and multi-thread approach to resolve the current complexity of the Internet. Quagga supports BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng. Quagga is intended to be used as a Route Server and a Route Reflector. It is not a toolkit, it provides full routing power under a new architecture. Quagga by design has a process for each protocol. Quagga is a fork of GNU Zebra. * Mon May 8 2006 Jay Fenlason 0:0.98.6-1.FC5 - Upgrade to new upstream version, closing security problems: bz#191081 CVE-2006-2223 Quagga RIPd information disclosure bz#191085 CVE-2006-2224 Quagga RIPd route injection Solution: Apply the appropriate updates. This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/ This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://fedora.redhat.com/docs/yum/. http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2006-845 Risk factor : Medium CVSS Score: 5.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-2223 BugTraq ID: 17808 http://www.securityfocus.com/bid/17808 Bugtraq: 20060503 Quagga RIPD unauthenticated route table broadcast (Google Search) http://www.securityfocus.com/archive/1/432822/100/0/threaded Bugtraq: 20060503 Re: Quagga RIPD unauthenticated route injection (Google Search) http://www.securityfocus.com/archive/1/432823/100/0/threaded Debian Security Information: DSA-1059 (Google Search) http://www.debian.org/security/2006/dsa-1059 http://www.gentoo.org/security/en/glsa/glsa-200605-15.xml http://www.osvdb.org/25224 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9985 http://www.redhat.com/support/errata/RHSA-2006-0525.html http://www.redhat.com/support/errata/RHSA-2006-0533.html http://securitytracker.com/id?1016204 http://secunia.com/advisories/19910 http://secunia.com/advisories/20137 http://secunia.com/advisories/20138 http://secunia.com/advisories/20221 http://secunia.com/advisories/20420 http://secunia.com/advisories/20421 http://secunia.com/advisories/20782 http://secunia.com/advisories/21159 SGI Security Advisory: 20060602-01-U ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc SuSE Security Announcement: SUSE-SR:2006:017 (Google Search) http://www.novell.com/linux/security/advisories/2006_17_sr.html https://usn.ubuntu.com/284-1/ XForce ISS Database: quagga-ripv1-information-disclosure(26243) https://exchange.xforce.ibmcloud.com/vulnerabilities/26243 Common Vulnerability Exposure (CVE) ID: CVE-2006-2224 Bugtraq: 20060503 Quagga RIPD unauthenticated route injection (Google Search) http://www.securityfocus.com/archive/1/432856/100/0/threaded http://www.osvdb.org/25225 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10775 XForce ISS Database: quagga-ripd-ripv1-response-security-bypass(26251) https://exchange.xforce.ibmcloud.com/vulnerabilities/26251
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.