[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248149

 
 

909

 
 

194803

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2006-2223Date: (C)2006-05-05   (M)2023-12-22


RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly implement configurations that (1) disable RIPv1 or (2) require plaintext or MD5 authentication, which allows remote attackers to obtain sensitive information (routing state) via REQUEST packets such as SEND UPDATE.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
SECTRACK-1016204
BID-17808
SECUNIA-19910
http://www.securityfocus.com/archive/1/432822/100/0/threaded
http://www.securityfocus.com/archive/1/432823/100/0/threaded
20060602-01-U
SECUNIA-20137
SECUNIA-20138
SECUNIA-20221
SECUNIA-20420
SECUNIA-20421
SECUNIA-20782
SECUNIA-21159
OSVDB-25224
DSA-1059
GLSA-200605-15
RHSA-2006:0525
RHSA-2006:0533
SUSE-SR:2006:017
USN-284-1
http://bugzilla.quagga.net/show_bug.cgi?id=261
oval:org.mitre.oval:def:9985
quagga-ripv1-information-disclosure(26243)

CPE    2
cpe:/a:quagga:quagga:0.98.5
cpe:/a:quagga:quagga:0.99.3
CWE    1
CWE-20

© SecPod Technologies