Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2223

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-2223
Last Modified 31 Mar 2011 12:00:00
Published 05 May 2006 03:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2223

Summary

RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly implement configurations that (1) disable RIPv1 or (2) require plaintext or MD5 authentication, which allows remote attackers to obtain sensitive information (routing state) via REQUEST packets such as SEND UPDATE.

Vulnerable Systems

Application

  • Quagga 0.98.5

  • Quagga 0.99.3


References

BID - 17808

SECUNIA - 19910

XF - quagga-ripv1-information-disclosure(26243)

UBUNTU - USN-284-1

BUGTRAQ - 20060503 Re: Quagga RIPD unauthenticated route injection

BUGTRAQ - 20060503 Quagga RIPD unauthenticated route table broadcast

REDHAT - RHSA-2006:0533

REDHAT - RHSA-2006:0525

OSVDB - 25224

SUSE - SUSE-SR:2006:017

GENTOO - GLSA-200605-15

DEBIAN - DSA-1059

SECTRACK - 1016204

SECUNIA - 21159

SECUNIA - 20782

SECUNIA - 20421

SECUNIA - 20420

SECUNIA - 20221

SECUNIA - 20138

SECUNIA - 20137

CONFIRM - http://bugzilla.quagga.net/show_bug.cgi?id=261

SGI - 20060602-01-U


Last Updated: 27 May 2016 10:42:23