CVE-2006-2223 – Quagga Routing Software Suite 0.9x - RIPd RIPv1 Request Routing Table Disclosure
https://notcve.org/view.php?id=CVE-2006-2223
RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly implement configurations that (1) disable RIPv1 or (2) require plaintext or MD5 authentication, which allows remote attackers to obtain sensitive information (routing state) via REQUEST packets such as SEND UPDATE. RIPd en Quagga 0.98 y 0.99 anteriores a 20060503 no implementa adecuadamente configuraciones que (1) deshabiliten RIPv1 o (2) necesiten autenticación MD5 o en texto plano, lo que permite a atacantes remotos obtener información sensible (estado de encaminamiento) mediante paquetes "REQUEST" como "SEND UPDATE".º • https://www.exploit-db.com/exploits/27801 ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc http://bugzilla.quagga.net/show_bug.cgi?id=261 http://secunia.com/advisories/19910 http://secunia.com/advisories/20137 http://secunia.com/advisories/20138 http://secunia.com/advisories/20221 http://secunia.com/advisories/20420 http://secunia.com/advisories/20421 http://secunia.com/advisories/20782 http://secunia.com/advisories/21159 http://securitytracker.com • CWE-20: Improper Input Validation •