CVE-2006-2223 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2006-2223
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-2223

Description: RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly implement configurations that (1) disable RIPv1 or (2) require plaintext or MD5 authentication, which allows remote attackers to obtain sensitive information (routing state) via REQUEST packets such as SEND UPDATE.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/26243 UBUNTU http://www.ubuntulinux.org/support/documentation/usn/usn-284-1 SUSE http://www.novell.com/linux/security/advisories/2006_17_sr.html ST 1016204 SGI SAID Secunia Advisory: SA19910 Secunia Advisory: SA20137 Secunia Advisory: SA20138 Secunia Advisory: SA20221 Secunia Advisory: SA20420 Secunia Advisory: SA20421 Secunia Advisory: SA20782 Secunia Advisory: SA21159 REDHAT http://www.redhat.com/support/errata/RHSA-2006-0533.html http://www.redhat.com/support/errata/RHSA-2006-0525.html OSVDB 25224 GENTOO http://www.gentoo.org/security/en/glsa/glsa-200605-15.xml DEBIAN http://www.debian.org/security/2006/dsa-1059 CONFIRM http://bugzilla.quagga.net/show_bug.cgi?id=261 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/432823/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/432822/100/0/threaded BID 17808

Return to the previous page.