Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2006-2223

RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly implement configurations that (1) disable RIPv1 or (2) require plaintext or MD5 authentication, which allows remote attackers to obtain sensitive information (routing state) via REQUEST packets such as SEND UPDATE.

Published

2006-05-05T19:02:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-20

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	quagga	quagga	0.98.5	Yes
Application	quagga	quagga	0.99.3	Yes

References

ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc ([email protected])
http://bugzilla.quagga.net/show_bug.cgi?id=261 ([email protected])
http://secunia.com/advisories/19910 Patch, Vendor Advisory ([email protected])
http://secunia.com/advisories/20137 Vendor Advisory ([email protected])
http://secunia.com/advisories/20138 Vendor Advisory ([email protected])
http://secunia.com/advisories/20221 Vendor Advisory ([email protected])
http://secunia.com/advisories/20420 Vendor Advisory ([email protected])
http://secunia.com/advisories/20421 Vendor Advisory ([email protected])
http://secunia.com/advisories/20782 Vendor Advisory ([email protected])
http://secunia.com/advisories/21159 Vendor Advisory ([email protected])
http://securitytracker.com/id?1016204 ([email protected])
http://www.debian.org/security/2006/dsa-1059 ([email protected])
http://www.gentoo.org/security/en/glsa/glsa-200605-15.xml ([email protected])
http://www.novell.com/linux/security/advisories/2006_17_sr.html ([email protected])
http://www.osvdb.org/25224 ([email protected])
http://www.redhat.com/support/errata/RHSA-2006-0525.html ([email protected])
http://www.redhat.com/support/errata/RHSA-2006-0533.html ([email protected])
http://www.securityfocus.com/archive/1/432822/100/0/threaded ([email protected])
http://www.securityfocus.com/archive/1/432823/100/0/threaded ([email protected])
http://www.securityfocus.com/bid/17808 Exploit, Patch ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/26243 ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9985 ([email protected])
https://usn.ubuntu.com/284-1/ ([email protected])
ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc (af854a3a-2127-422b-91ae-364da2661108)
http://bugzilla.quagga.net/show_bug.cgi?id=261 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/19910 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/20137 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/20138 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/20221 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/20420 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/20421 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/20782 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/21159 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1016204 (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2006/dsa-1059 (af854a3a-2127-422b-91ae-364da2661108)
http://www.gentoo.org/security/en/glsa/glsa-200605-15.xml (af854a3a-2127-422b-91ae-364da2661108)
http://www.novell.com/linux/security/advisories/2006_17_sr.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/25224 (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2006-0525.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2006-0533.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/432822/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/432823/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/17808 Exploit, Patch (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/26243 (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9985 (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/284-1/ (af854a3a-2127-422b-91ae-364da2661108)