{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-05-03T00:00:00", "descriptions": [{"lang": "en", "value": "RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly implement configurations that (1) disable RIPv1 or (2) require plaintext or MD5 authentication, which allows remote attackers to obtain sensitive information (routing state) via REQUEST packets such as SEND UPDATE."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "SUSE-SR:2006:017", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2006_17_sr.html"}, {"name": "USN-284-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/284-1/"}, {"name": "quagga-ripv1-information-disclosure(26243)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26243"}, {"name": "20782", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20782"}, {"name": "20138", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20138"}, {"name": "20060503 Re: Quagga RIPD unauthenticated route injection", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/432823/100/0/threaded"}, {"name": "20421", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20421"}, {"name": "20060602-01-U", "tags": ["vendor-advisory", "x_refsource_SGI"], "url": "ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc"}, {"name": "25224", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/25224"}, {"name": "RHSA-2006:0525", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2006-0525.html"}, {"name": "20137", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20137"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugzilla.quagga.net/show_bug.cgi?id=261"}, {"name": "1016204", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1016204"}, {"name": "19910", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19910"}, {"name": "oval:org.mitre.oval:def:9985", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9985"}, {"name": "17808", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/17808"}, {"name": "RHSA-2006:0533", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2006-0533.html"}, {"name": "GLSA-200605-15", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-15.xml"}, {"name": "21159", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21159"}, {"name": "20060503 Quagga RIPD unauthenticated route table broadcast", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/432822/100/0/threaded"}, {"name": "DSA-1059", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2006/dsa-1059"}, {"name": "20221", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20221"}, {"name": "20420", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20420"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-2223", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly implement configurations that (1) disable RIPv1 or (2) require plaintext or MD5 authentication, which allows remote attackers to obtain sensitive information (routing state) via REQUEST packets such as SEND UPDATE."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "SUSE-SR:2006:017", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2006_17_sr.html"}, {"name": "USN-284-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/284-1/"}, {"name": "quagga-ripv1-information-disclosure(26243)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26243"}, {"name": "20782", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20782"}, {"name": "20138", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20138"}, {"name": "20060503 Re: Quagga RIPD unauthenticated route injection", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/432823/100/0/threaded"}, {"name": "20421", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20421"}, {"name": "20060602-01-U", "refsource": "SGI", "url": "ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc"}, {"name": "25224", "refsource": "OSVDB", "url": "http://www.osvdb.org/25224"}, {"name": "RHSA-2006:0525", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2006-0525.html"}, {"name": "20137", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20137"}, {"name": "http://bugzilla.quagga.net/show_bug.cgi?id=261", "refsource": "CONFIRM", "url": "http://bugzilla.quagga.net/show_bug.cgi?id=261"}, {"name": "1016204", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016204"}, {"name": "19910", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19910"}, {"name": "oval:org.mitre.oval:def:9985", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9985"}, {"name": "17808", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17808"}, {"name": "RHSA-2006:0533", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2006-0533.html"}, {"name": "GLSA-200605-15", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-15.xml"}, {"name": "21159", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21159"}, {"name": "20060503 Quagga RIPD unauthenticated route table broadcast", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/432822/100/0/threaded"}, {"name": "DSA-1059", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1059"}, {"name": "20221", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20221"}, {"name": "20420", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20420"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T17:43:28.938Z"}, "title": "CVE Program Container", "references": [{"name": "SUSE-SR:2006:017", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://www.novell.com/linux/security/advisories/2006_17_sr.html"}, {"name": "USN-284-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/284-1/"}, {"name": "quagga-ripv1-information-disclosure(26243)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26243"}, {"name": "20782", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/20782"}, {"name": "20138", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/20138"}, {"name": "20060503 Re: Quagga RIPD unauthenticated route injection", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/432823/100/0/threaded"}, {"name": "20421", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/20421"}, {"name": "20060602-01-U", "tags": ["vendor-advisory", "x_refsource_SGI", "x_transferred"], "url": "ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc"}, {"name": "25224", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/25224"}, {"name": "RHSA-2006:0525", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2006-0525.html"}, {"name": "20137", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/20137"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugzilla.quagga.net/show_bug.cgi?id=261"}, {"name": "1016204", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1016204"}, {"name": "19910", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/19910"}, {"name": "oval:org.mitre.oval:def:9985", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9985"}, {"name": "17808", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/17808"}, {"name": "RHSA-2006:0533", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2006-0533.html"}, {"name": "GLSA-200605-15", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-15.xml"}, {"name": "21159", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/21159"}, {"name": "20060503 Quagga RIPD unauthenticated route table broadcast", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/432822/100/0/threaded"}, {"name": "DSA-1059", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2006/dsa-1059"}, {"name": "20221", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/20221"}, {"name": "20420", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/20420"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-2223", "datePublished": "2006-05-05T19:00:00", "dateReserved": "2006-05-05T00:00:00", "dateUpdated": "2024-08-07T17:43:28.938Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:quagga:quagga:0.98.5:*:*:*:*:*:*:*", "matchCriteriaId": "D6ADB9F6-B519-45D0-966F-F095372FBB49", "vulnerable": true}, {"criteria": "cpe:2.3:a:quagga:quagga:0.99.3:*:*:*:*:*:*:*", "matchCriteriaId": "9E1B30CC-478C-4BD1-AF4C-D126B8CCE8D6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly implement configurations that (1) disable RIPv1 or (2) require plaintext or MD5 authentication, which allows remote attackers to obtain sensitive information (routing state) via REQUEST packets such as SEND UPDATE."}, {"lang": "es", "value": "RIPd en Quagga 0.98 y 0.99 anteriores a 20060503 no implementa adecuadamente configuraciones que (1) deshabiliten RIPv1 o (2) necesiten autenticaci\u00f3n MD5 o en texto plano, lo que permite a atacantes remotos obtener informaci\u00f3n sensible (estado de encaminamiento) mediante paquetes \"REQUEST\" como \"SEND UPDATE\".\u00ba"}], "id": "CVE-2006-2223", "lastModified": "2018-10-18T16:38:41.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-05-05T19:02:00.000", "references": [{"source": "cve@mitre.org", "url": "ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc"}, {"source": "cve@mitre.org", "url": "http://bugzilla.quagga.net/show_bug.cgi?id=261"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/19910"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/20137"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/20138"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/20221"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/20420"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/20421"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/20782"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/21159"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1016204"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2006/dsa-1059"}, {"source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-15.xml"}, {"source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2006_17_sr.html"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/25224"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2006-0525.html"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2006-0533.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/432822/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/432823/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://www.securityfocus.com/bid/17808"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26243"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9985"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/284-1/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2006:0525", "cpe": "cpe:/o:redhat:enterprise_linux:3", "package": "quagga-0:0.96.2-11.3E", "product_name": "Red Hat Enterprise Linux 3", "release_date": "2006-06-01T00:00:00Z"}, {"advisory": "RHSA-2006:0525", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "quagga-0:0.98.3-2.4E", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2006-06-01T00:00:00Z"}, {"advisory": "RHSA-2006:0533", "cpe": "cpe:/o:redhat:enterprise_linux:2.1", "product_name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1", "release_date": "2006-06-01T00:00:00Z"}, {"advisory": "RHSA-2006:0533", "cpe": "cpe:/o:redhat:enterprise_linux:2.1", "product_name": "Red Hat Linux Advanced Workstation 2.1", "release_date": "2006-06-01T00:00:00Z"}], "bugzilla": {"description": "security flaw", "id": "1618091", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618091"}, "csaw": false, "details": ["RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly implement configurations that (1) disable RIPv1 or (2) require plaintext or MD5 authentication, which allows remote attackers to obtain sensitive information (routing state) via REQUEST packets such as SEND UPDATE."], "name": "CVE-2006-2223", "public_date": "2006-05-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2006-2223\nhttps://nvd.nist.gov/vuln/detail/CVE-2006-2223"], "threat_severity": "Moderate"}