CVE-2006-2223
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
5.9 Medium
AI Score
Confidence
Low
0.017 Low
EPSS
Percentile
87.8%
RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly implement configurations that (1) disable RIPv1 or (2) require plaintext or MD5 authentication, which allows remote attackers to obtain sensitive information (routing state) via REQUEST packets such as SEND UPDATE.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| quagga:quagga | quagga | eq | 0.98.5 |
| quagga:quagga | quagga | eq | 0.99.3 |
References
ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc
bugzilla.quagga.net/show_bug.cgi?id=261
secunia.com/advisories/19910
secunia.com/advisories/20137
secunia.com/advisories/20138
secunia.com/advisories/20221
secunia.com/advisories/20420
secunia.com/advisories/20421
secunia.com/advisories/20782
secunia.com/advisories/21159
securitytracker.com/id?1016204
www.debian.org/security/2006/dsa-1059
www.gentoo.org/security/en/glsa/glsa-200605-15.xml
www.novell.com/linux/security/advisories/2006_17_sr.html
www.osvdb.org/25224
www.redhat.com/support/errata/RHSA-2006-0525.html
www.redhat.com/support/errata/RHSA-2006-0533.html
www.securityfocus.com/archive/1/432822/100/0/threaded
www.securityfocus.com/archive/1/432823/100/0/threaded
www.securityfocus.com/bid/17808
exchange.xforce.ibmcloud.com/vulnerabilities/26243
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9985
usn.ubuntu.com/284-1/
Related
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
5.9 Medium
AI Score
Confidence
Low
0.017 Low
EPSS
Percentile
87.8%