6 matches found
CVE-2012-1576
The myuserdelete function in libathemecore/account.c in Atheme 5.x before 5.2.7, 6.x before 6.0.10, and 7.x before 7.0.0-beta2 does not properly clean up CertFP entries when a user is deleted, which allows remote attackers to access a different user account or cause a denial of service daemon cra...
Code injection
The myuserdelete function in libathemecore/account.c in Atheme 5.x before 5.2.7, 6.x before 6.0.10, and 7.x before 7.0.0-beta2 does not properly clean up CertFP entries when a user is deleted, which allows remote attackers to access a different user account or cause a denial of service daemon cra...
CVE-2012-1576
The myuserdelete function in libathemecore/account.c in Atheme 5.x before 5.2.7, 6.x before 6.0.10, and 7.x before 7.0.0-beta2 does not properly clean up CertFP entries when a user is deleted, which allows remote attackers to access a different user account or cause a denial of service daemon cra...
CVE-2012-1576
The myuserdelete function in libathemecore/account.c in Atheme 5.x before 5.2.7, 6.x before 6.0.10, and 7.x before 7.0.0-beta2 does not properly clean up CertFP entries when a user is deleted, which allows remote attackers to access a different user account or cause a denial of service daemon cra...
CVE-2012-1576
Summary: CVE-2012-1576 affects Atheme IRC Services. The myuser_delete() function in libathemecore/account.c fails to remove CertFP entries when deleting a user, allowing a remote attacker to access another user’s account or cause a daemon crash by logging in as a deleted user. Affected branches: ...
Atheme IRC Services: Denial of service
Background Atheme is a portable and secure set of open-source and modular IRC services. CertFP is certificate fingerprinting used to authenticate users to nicknames. Description The “myuserdelete” function in account.c does not properly remove CertFP entries when deleting user accounts. Impact A...