CVE-2006-2223
Quagga Routing Software Suite 0.9x - RIPd RIPv1 Request Routing Table Disclosure
Severity Score
5.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly implement configurations that (1) disable RIPv1 or (2) require plaintext or MD5 authentication, which allows remote attackers to obtain sensitive information (routing state) via REQUEST packets such as SEND UPDATE.
RIPd en Quagga 0.98 y 0.99 anteriores a 20060503 no implementa adecuadamente configuraciones que (1) deshabiliten RIPv1 o (2) necesiten autenticación MD5 o en texto plano, lo que permite a atacantes remotos obtener información sensible (estado de encaminamiento) mediante paquetes "REQUEST" como "SEND UPDATE".º
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2006-05-03 First Exploit
- 2006-05-05 CVE Reserved
- 2006-05-05 CVE Published
- 2024-03-25 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
CAPEC
References (26)
| URL | Tag | Source |
|---|---|---|
| http://bugzilla.quagga.net/show_bug.cgi?id=261 | X_refsource_confirm | |
| http://securitytracker.com/id?1016204 | Vdb Entry | |
| http://www.osvdb.org/25224 | Vdb Entry | |
| http://www.securityfocus.com/archive/1/432822/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/archive/1/432823/100/0/threaded | Mailing List | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/26243 | Vdb Entry | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9985 | Signature |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/27801 | 2006-05-03 | |
| http://www.securityfocus.com/bid/17808 | 2024-08-07 |
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/19910 | 2018-10-18 |
| URL | Date | SRC |
|---|---|---|
| ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc | 2018-10-18 | |
| http://secunia.com/advisories/20137 | 2018-10-18 | |
| http://secunia.com/advisories/20138 | 2018-10-18 | |
| http://secunia.com/advisories/20221 | 2018-10-18 | |
| http://secunia.com/advisories/20420 | 2018-10-18 | |
| http://secunia.com/advisories/20421 | 2018-10-18 | |
| http://secunia.com/advisories/20782 | 2018-10-18 | |
| http://secunia.com/advisories/21159 | 2018-10-18 | |
| http://www.debian.org/security/2006/dsa-1059 | 2018-10-18 | |
| http://www.gentoo.org/security/en/glsa/glsa-200605-15.xml | 2018-10-18 | |
| http://www.novell.com/linux/security/advisories/2006_17_sr.html | 2018-10-18 | |
| http://www.redhat.com/support/errata/RHSA-2006-0525.html | 2018-10-18 | |
| http://www.redhat.com/support/errata/RHSA-2006-0533.html | 2018-10-18 | |
| https://usn.ubuntu.com/284-1 | 2018-10-18 | |
| https://access.redhat.com/security/cve/CVE-2006-2223 | 2006-06-01 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1618091 | 2006-06-01 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Quagga Search vendor "Quagga" | Quagga Search vendor "Quagga" for product "Quagga" | 0.98.5 Search vendor "Quagga" for product "Quagga" and version "0.98.5" | - |
Affected
| ||||||
| Quagga Search vendor "Quagga" | Quagga Search vendor "Quagga" for product "Quagga" | 0.99.3 Search vendor "Quagga" for product "Quagga" and version "0.99.3" | - |
Affected
| ||||||