CVE-2006-2223

Quagga - Improper Input Validation


Description

RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly implement configurations that (1) disable RIPv1 or (2) require plaintext or MD5 authentication, which allows remote attackers to obtain sensitive information (routing state) via REQUEST packets such as SEND UPDATE.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Konstantin V. Gavrilenko · text · remote · linux
https://www.exploit-db.com/exploits/27801

References (23)

Core References
Vendor Advisory vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2006_17_sr.html
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/284-1/
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/26243
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20782
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20138
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/432823/100/0/threaded
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20421
Vendor Advisory vendor-advisory x_refsource_sgi
ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/25224
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2006-0525.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20137
Issue Tracking x_refsource_confirm
http://bugzilla.quagga.net/show_bug.cgi?id=261
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1016204
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19910
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9985
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/17808
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2006-0533.html
Third Party Advisory vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200605-15.xml
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/21159
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/432822/100/0/threaded
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2006/dsa-1059
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20221
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20420

Scores

EPSS 0.1280
EPSS Percentile 94.1%

Details

CWE
CWE-20
Status published
Products (2)
quagga/quagga 0.98.5
quagga/quagga 0.99.3
Published May 05, 2006
Tracked Since Feb 18, 2026