GLSA Advocate
Posted: Tue Sep 25, 2012 11:26 am Post subject: [ GLSA 201209-09 ] Atheme IRC Services: Denial of Service
Gentoo Linux Security Advisory
Title: Atheme IRC Services: Denial of Service (GLSA 201209-09)
Severity: normal
Exploitable: remote
Date: September 25, 2012
Bug(s): #409103
ID: 201209-09
Synopsis
A vulnerability has been found in Atheme which may lead to Denial
of Service or a bypass of security restrictions.
Background
Atheme is a portable and secure set of open-source and modular IRC
services. CertFP is certificate fingerprinting used to authenticate users
to nicknames.
Affected Packages
Package: net-irc/atheme-services
Vulnerable: < 6.0.10
Unaffected: >= 6.0.10
Architectures: All supported architectures
Description
The “myuser_delete()” function in account.c does not properly remove
CertFP entries when deleting user accounts.
Impact
A remote authenticated attacker may be able to cause a Denial of Service
condition or gain access to an Atheme IRC Services user account.
Workaround
There is no known workaround at this time.
Resolution
All Atheme users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-irc/atheme-services-6.0.10"
References
CVE-2012-1576
Last edited by GLSA on Mon Sep 15, 2014 4:32 am; edited 4 times in total
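A simplified model of the defect class named in the Description, added here as an illustration and not taken from Atheme's source: every struct, function name and the fingerprint string below is hypothetical. It shows why an index entry left behind by an incomplete account delete still resolves, and a cleanup plus audit that restores the invariant that every fingerprint points at a live account.

```c
/* Constructed model, not Atheme source: a fingerprint index beside a slot table. */
#include <stdio.h>
#include <string.h>
#define SLOTS 4
struct account { const char *name; int live; };
struct certfp  { const char *fp; int owner; int used; };
static struct account accounts[SLOTS];
static struct certfp  certfps[SLOTS];

static int account_add(const char *name) {
    for (int i = 0; i < SLOTS; i++)
        if (!accounts[i].live) { accounts[i] = (struct account){ name, 1 }; return i; }
    return -1;
}
static int certfp_add(int owner, const char *fp) {
    for (int i = 0; i < SLOTS; i++)
        if (!certfps[i].used) { certfps[i] = (struct certfp){ fp, owner, 1 }; return i; }
    return -1;
}
/* Resolve a fingerprint to its owner slot, or -1 if it is not in the index. */
static int certfp_lookup(const char *fp) {
    for (int i = 0; i < SLOTS; i++)
        if (certfps[i].used && strcmp(certfps[i].fp, fp) == 0) return certfps[i].owner;
    return -1;
}
/* Incomplete deletion: the slot is released but its index entries remain. */
static void account_delete_incomplete(int slot) { accounts[slot].live = 0; }
/* Complete deletion: drop every fingerprint owned by the slot first. */
static void account_delete_complete(int slot) {
    for (int i = 0; i < SLOTS; i++)
        if (certfps[i].used && certfps[i].owner == slot) certfps[i].used = 0;
    accounts[slot].live = 0;
}
/* Audit: count index entries whose owner slot is no longer a live account. */
static int certfp_orphans(void) {
    int n = 0;
    for (int i = 0; i < SLOTS; i++)
        if (certfps[i].used && !accounts[certfps[i].owner].live) n++;
    return n;
}

int main(void) {
    int a = account_add("alice");
    certfp_add(a, "aa11-constructed");   /* constructed sample fingerprint */
    account_delete_incomplete(a);
    printf("orphaned entries after incomplete delete: %d\n", certfp_orphans());
    return 0;
}
```

Once a released slot is reused, the audit no longer flags the stale entry, so the cleanup has to happen at deletion time rather than be left to a later sweep.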