CVE-2006-2223

{"id": "CVE-2006-2223", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-05-05T19:02:00.000", "references": [{"url": "ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc", "source": "cve@mitre.org"}, {"url": "http://bugzilla.quagga.net/show_bug.cgi?id=261", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/19910", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/20137", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/20138", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/20221", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/20420", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/20421", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/20782", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/21159", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1016204", "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2006/dsa-1059", "source": "cve@mitre.org"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-200605-15.xml", "source": "cve@mitre.org"}, {"url": "http://www.novell.com/linux/security/advisories/2006_17_sr.html", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/25224", "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2006-0525.html", "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2006-0533.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/432822/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/432823/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/17808", "tags": ["Exploit", "Patch"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26243", "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9985", "source": "cve@mitre.org"}, {"url": "https://usn.ubuntu.com/284-1/", "source": "cve@mitre.org"}, {"url": "ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://bugzilla.quagga.net/show_bug.cgi?id=261", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/19910", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/20137", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/20138", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/20221", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/20420", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/20421", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/20782", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/21159", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securitytracker.com/id?1016204", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.debian.org/security/2006/dsa-1059", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-200605-15.xml", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.novell.com/linux/security/advisories/2006_17_sr.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/25224", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.redhat.com/support/errata/RHSA-2006-0525.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.redhat.com/support/errata/RHSA-2006-0533.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/432822/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/432823/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/17808", "tags": ["Exploit", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26243", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9985", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://usn.ubuntu.com/284-1/", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly implement configurations that (1) disable RIPv1 or (2) require plaintext or MD5 authentication, which allows remote attackers to obtain sensitive information (routing state) via REQUEST packets such as SEND UPDATE."}, {"lang": "es", "value": "RIPd en Quagga 0.98 y 0.99 anteriores a 20060503 no implementa adecuadamente configuraciones que (1) deshabiliten RIPv1 o (2) necesiten autenticaci\u00f3n MD5 o en texto plano, lo que permite a atacantes remotos obtener informaci\u00f3n sensible (estado de encaminamiento) mediante paquetes \"REQUEST\" como \"SEND UPDATE\".\u00ba"}], "lastModified": "2024-11-21T00:10:49.670", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:quagga:quagga:0.98.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6ADB9F6-B519-45D0-966F-F095372FBB49"}, {"criteria": "cpe:2.3:a:quagga:quagga:0.99.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E1B30CC-478C-4BD1-AF4C-D126B8CCE8D6"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}