Vulnerability Description
RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly implement configurations that (1) disable RIPv1 or (2) require plaintext or MD5 authentication, which allows remote attackers to obtain sensitive information (routing state) via REQUEST packets such as SEND UPDATE.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Quagga | Quagga | 0.98.5 |
References
- ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc
- http://bugzilla.quagga.net/show_bug.cgi?id=261
- http://secunia.com/advisories/19910 (Patch, Vendor Advisory)
- http://secunia.com/advisories/20137 (Vendor Advisory)
- http://secunia.com/advisories/20138 (Vendor Advisory)
- http://secunia.com/advisories/20221 (Vendor Advisory)
- http://secunia.com/advisories/20420 (Vendor Advisory)
- http://secunia.com/advisories/20421 (Vendor Advisory)
- http://secunia.com/advisories/20782 (Vendor Advisory)
- http://secunia.com/advisories/21159 (Vendor Advisory)
- http://securitytracker.com/id?1016204
- http://www.debian.org/security/2006/dsa-1059
- http://www.gentoo.org/security/en/glsa/glsa-200605-15.xml
- http://www.novell.com/linux/security/advisories/2006_17_sr.html
- http://www.osvdb.org/25224
FAQ
What is CVE-2006-2223?
CVE-2006-2223 is a vulnerability with a CVSS score of 5.0 (MEDIUM). RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly implement configurations that (1) disable RIPv1 or (2) require plaintext or MD5 authentication, which allows remote attackers to obtain s...
How severe is CVE-2006-2223?
CVE-2006-2223 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-2223?
Check the references section above for vendor advisories and patch information. Affected products include: Quagga Quagga.