PT-2006-1051 · Quagga+1 · Quagga+1
Konstantin V. Gavrilenko · Published 2006-05-05 · Updated 2024-06-15 · CVE-2006-2223
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
Quagga versions 0.98 and 0.99 before 20060503
Quagga versions prior to 0.98.6-r1
Description:
RIPd does not properly implement configurations that disable RIPv1 or that require plaintext or MD5 authentication. This allows remote attackers to obtain sensitive routing state information via REQUEST packets, such as SEND UPDATE. Multiple vulnerabilities in the Quagga package can lead to a breach of protected information, and exploitation can be carried out remotely.
Recommendations:
For Quagga versions 0.98 and 0.99 before 20060503, update to a version after 20060503 to resolve the issue.
For Quagga versions prior to 0.98.6-r1, update to version 0.98.6-r1 or later to fix the vulnerabilities.
As a temporary workaround, consider restricting access to the RIPd configuration to minimize the risk of exploitation.
Exploit
Fix
RCE
Affected products
Quagga
Red Hat