Gentoo Foundation GLSA-201209-09
Sep 25, 2012 - 12:00 a.m.

Atheme IRC Services: Denial of service

2012-09-25 00:00:00
Gentoo Foundation
security.gentoo.org

CVSS2: 6 Medium (AV:N/AC:M/Au:S/C:P/I:P/A:P)
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

EPSS: 0.012 Low
Percentile: 85.3%

Background

Atheme is a portable and secure set of open-source and modular IRC services. CertFP is certificate fingerprinting used to authenticate users to nicknames.

Description

The “myuser_delete()” function in account.c does not properly remove CertFP entries when deleting user accounts.
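
The cleanup omission described above, shown in a simplified model as an added example: this is not Atheme's code, and the structures, function names and fingerprint strings are constructed for illustration. It contrasts a delete routine that leaves fingerprint entries registered with one that removes them, and adds a consistency check that counts orphaned entries.

```c
#include <stdio.h>

#define SLOTS 8
/* Simplified model for illustration; not Atheme's data structures. */
struct account { int alive; };
struct certfp  { char fp[41]; int owner; int used; };  /* owner: index into accounts[] */
static struct account accounts[SLOTS];
static struct certfp  certfps[SLOTS];

static int account_add(void) {
    for (int i = 0; i < SLOTS; i++)
        if (!accounts[i].alive) { accounts[i].alive = 1; return i; }
    return -1;
}

static int certfp_add(int owner, const char *fp) {
    for (int i = 0; i < SLOTS; i++)
        if (!certfps[i].used) {
            snprintf(certfps[i].fp, sizeof certfps[i].fp, "%s", fp);
            certfps[i].owner = owner;
            certfps[i].used = 1;
            return 0;
        }
    return -1;
}

/* Flawed delete: releases the account but leaves its fingerprints registered. */
static void account_delete_flawed(int slot) { accounts[slot].alive = 0; }

/* Corrected delete: unregister every fingerprint the account owns, then release it. */
static void account_delete_fixed(int slot) {
    for (int i = 0; i < SLOTS; i++)
        if (certfps[i].used && certfps[i].owner == slot) certfps[i].used = 0;
    accounts[slot].alive = 0;
}

/* Consistency check: count fingerprints whose owning account no longer exists. */
static int certfp_stale_count(void) {
    int n = 0;
    for (int i = 0; i < SLOTS; i++)
        if (certfps[i].used && !accounts[certfps[i].owner].alive) n++;
    return n;
}

int main(void) {
    int a = account_add(), b = account_add();       /* constructed sample data */
    certfp_add(a, "constructed-fp-a"); certfp_add(b, "constructed-fp-b");
    account_delete_fixed(b);  printf("after fixed delete:  %d stale\n", certfp_stale_count());
    account_delete_flawed(a); printf("after flawed delete: %d stale\n", certfp_stale_count());
    return 0;
}
```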

Impact

A remote authenticated attacker may be able to cause a Denial of Service condition or gain access to an Atheme IRC Services user account.

Workaround

There is no known workaround at this time.

Resolution

All Atheme users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-irc/atheme-services-6.0.10"

OS      Version  Architecture  Package                  Version   Filename
Gentoo  any      all           net-irc/atheme-services  < 6.0.10  UNKNOWN
