QwikSec

Security Database

CVE

CWE

Training

CVE-2012-1576

Published: Oct 1, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

The myuser_delete function in libathemecore/account.c in Atheme 5.x before 5.2.7, 6.x before 6.0.10, and 7.x before 7.0.0-beta2 does not properly clean up CertFP entries when a user is deleted, which allows remote attackers to access a different user account or cause a denial of service (daemon crash) via a login as a deleted user.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_GENTOO

[oss-security] 20120322 Re: atheme.org Security Advisory ASA-2012-03-01: Improper cleanup of CertFP entries may result in undefined behaviour

mailing-list

x_refsource_MLIST

[oss-security] 20120321 atheme.org Security Advisory ASA-2012-03-01: Improper cleanup of CertFP entries may result in undefined behaviour

mailing-list

x_refsource_MLIST

20120321 atheme.org Security Advisory ASA-2012-03-01: Improper cleanup of CertFP entries may result in undefined behaviour

mailing-list

x_refsource_FULLDISC

third-party-advisory

x_refsource_SECUNIA

http://jira.atheme.org/browse/SRV-166

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

third-party-advisory

x_refsource_SECUNIA

http://git.atheme.org/atheme/commit/?id=3d9551761db2

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.