Summary: | <net-irc/atheme-services-6.0.10 : DoS (CVE-2012-1576) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | binki, jdhore, net-irc |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://tortois.es/~nenolod/ASA-2012-03-01.txt | ||
Whiteboard: | B3 [glsa] | ||
Package list: | | Runtime testing required: | --- |
Description
Agostino Sarubbo
2012-03-21 08:34:47 UTC
Both stable by jd. @security, the advisory says privilege escalation or crash. Can you check and/or vote please?

Thanks, everyone. GLSA Vote: yes.

YES too, request filed.

This issue was resolved and addressed in GLSA 201209-09 at http://security.gentoo.org/glsa/glsa-201209-09.xml by GLSA coordinator Sean Amoss (ackle).

CVE-2012-1576 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1576): The myuser_delete function in libathemecore/account.c in Atheme 5.x before 5.2.7, 6.x before 6.0.10, and 7.x before 7.0.0-beta2 does not properly clean up CertFP entries when a user is deleted, which allows remote attackers to access a different user account or cause a denial of service (daemon crash) via a login as a deleted user.