CVE - CVE-2006-2223

CVE-ID
CVE-2006-2223	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly implement configurations that (1) disable RIPv1 or (2) require plaintext or MD5 authentication, which allows remote attackers to obtain sensitive information (routing state) via REQUEST packets such as SEND UPDATE.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:17808 URL:http://www.securityfocus.com/bid/17808 BUGTRAQ:20060503 Quagga RIPD unauthenticated route table broadcast URL:http://www.securityfocus.com/archive/1/432822/100/0/threaded BUGTRAQ:20060503 Re: Quagga RIPD unauthenticated route injection URL:http://www.securityfocus.com/archive/1/432823/100/0/threaded CONFIRM:http://bugzilla.quagga.net/show_bug.cgi?id=261 DEBIAN:DSA-1059 URL:http://www.debian.org/security/2006/dsa-1059 GENTOO:GLSA-200605-15 URL:http://www.gentoo.org/security/en/glsa/glsa-200605-15.xml OSVDB:25224 URL:~~http://www.osvdb.org/25224~~ (Obsolete source) OVAL:oval:org.mitre.oval:def:9985 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9985 REDHAT:RHSA-2006:0525 URL:http://www.redhat.com/support/errata/RHSA-2006-0525.html REDHAT:RHSA-2006:0533 URL:http://www.redhat.com/support/errata/RHSA-2006-0533.html SECTRACK:1016204 URL:http://securitytracker.com/id?1016204 SECUNIA:19910 URL:http://secunia.com/advisories/19910 SECUNIA:20137 URL:http://secunia.com/advisories/20137 SECUNIA:20138 URL:http://secunia.com/advisories/20138 SECUNIA:20221 URL:http://secunia.com/advisories/20221 SECUNIA:20420 URL:http://secunia.com/advisories/20420 SECUNIA:20421 URL:http://secunia.com/advisories/20421 SECUNIA:20782 URL:http://secunia.com/advisories/20782 SECUNIA:21159 URL:http://secunia.com/advisories/21159 SGI:20060602-01-U URL:ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc SUSE:SUSE-SR:2006:017 URL:http://www.novell.com/linux/security/advisories/2006_17_sr.html UBUNTU:USN-284-1 URL:https://usn.ubuntu.com/284-1/ XF:quagga-ripv1-information-disclosure(26243) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/26243
Assigning CNA
MITRE Corporation
Date Record Created
20060505	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20060505)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)