CVE-2006-2223 Information

Description

RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly implement configurations that (1) disable RIPv1 or (2) require plaintext or MD5 authentication, which allows remote attackers to obtain sensitive information (routing state) via REQUEST packets such as SEND UPDATE.

References

ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc
http://bugzilla.quagga.net/show_bug.cgi?id=261
http://secunia.com/advisories/19910
http://secunia.com/advisories/20137
http://secunia.com/advisories/20138
http://secunia.com/advisories/20221
http://secunia.com/advisories/20420
http://secunia.com/advisories/20421
http://secunia.com/advisories/20782
http://secunia.com/advisories/21159
http://securitytracker.com/id?1016204
http://www.debian.org/security/2006/dsa-1059
http://www.gentoo.org/security/en/glsa/glsa-200605-15.xml
http://www.novell.com/linux/security/advisories/2006_17_sr.html
http://www.osvdb.org/25224
http://www.redhat.com/support/errata/RHSA-2006-0525.html
http://www.redhat.com/support/errata/RHSA-2006-0533.html
http://www.securityfocus.com/archive/1/432822/100/0/threaded
http://www.securityfocus.com/archive/1/432823/100/0/threaded
http://www.securityfocus.com/bid/17808
https://exchange.xforce.ibmcloud.com/vulnerabilities/26243
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A9985
https://usn.ubuntu.com/284-1/
