FKIE_CVE-2006-2223

Vulnerability from fkie_nvd - Published: 2006-05-05 19:02 - Updated: 2025-04-03 01:03
Severity ?
Summary
RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly implement configurations that (1) disable RIPv1 or (2) require plaintext or MD5 authentication, which allows remote attackers to obtain sensitive information (routing state) via REQUEST packets such as SEND UPDATE.
References
cve@mitre.orgftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc
cve@mitre.orghttp://bugzilla.quagga.net/show_bug.cgi?id=261
cve@mitre.orghttp://secunia.com/advisories/19910Patch, Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/20137Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/20138Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/20221Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/20420Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/20421Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/20782Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/21159Vendor Advisory
cve@mitre.orghttp://securitytracker.com/id?1016204
cve@mitre.orghttp://www.debian.org/security/2006/dsa-1059
cve@mitre.orghttp://www.gentoo.org/security/en/glsa/glsa-200605-15.xml
cve@mitre.orghttp://www.novell.com/linux/security/advisories/2006_17_sr.html
cve@mitre.orghttp://www.osvdb.org/25224
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2006-0525.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2006-0533.html
cve@mitre.orghttp://www.securityfocus.com/archive/1/432822/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/432823/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/17808Exploit, Patch
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/26243
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9985
cve@mitre.orghttps://usn.ubuntu.com/284-1/
af854a3a-2127-422b-91ae-364da2661108ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc
af854a3a-2127-422b-91ae-364da2661108http://bugzilla.quagga.net/show_bug.cgi?id=261
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/19910Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/20137Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/20138Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/20221Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/20420Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/20421Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/20782Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/21159Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1016204
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2006/dsa-1059
af854a3a-2127-422b-91ae-364da2661108http://www.gentoo.org/security/en/glsa/glsa-200605-15.xml
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/linux/security/advisories/2006_17_sr.html
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/25224
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2006-0525.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2006-0533.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/432822/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/432823/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/17808Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/26243
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9985
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/284-1/
Impacted products
Vendor Product Version
quagga quagga 0.98.5
quagga quagga 0.99.3
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:quagga:quagga:0.98.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6ADB9F6-B519-45D0-966F-F095372FBB49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:quagga:quagga:0.99.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E1B30CC-478C-4BD1-AF4C-D126B8CCE8D6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly implement configurations that (1) disable RIPv1 or (2) require plaintext or MD5 authentication, which allows remote attackers to obtain sensitive information (routing state) via REQUEST packets such as SEND UPDATE."
    },
    {
      "lang": "es",
      "value": "RIPd en Quagga 0.98 y 0.99 anteriores a 20060503 no implementa adecuadamente configuraciones que (1) deshabiliten RIPv1 o (2) necesiten autenticaci\u00f3n MD5 o en texto plano, lo que permite a atacantes remotos obtener informaci\u00f3n sensible (estado de encaminamiento) mediante paquetes \"REQUEST\" como \"SEND UPDATE\".\u00ba"
    }
  ],
  "id": "CVE-2006-2223",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-05-05T19:02:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://bugzilla.quagga.net/show_bug.cgi?id=261"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19910"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20137"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20138"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20221"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20420"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20421"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20782"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21159"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1016204"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2006/dsa-1059"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-15.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2006_17_sr.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/25224"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0525.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0533.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/432822/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/432823/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/17808"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26243"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9985"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://usn.ubuntu.com/284-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugzilla.quagga.net/show_bug.cgi?id=261"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19910"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20137"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20138"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20221"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20420"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20421"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20782"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21159"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1016204"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2006/dsa-1059"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-15.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2006_17_sr.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/25224"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0525.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0533.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/432822/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/432823/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/17808"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26243"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9985"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/284-1/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.