CVE-2012-1576

Published: Oct 1, 2012Modified: Apr 29, 2026

6.0

Vector

AV:N/AC:M/Au:S/C:P/I:P/A:P

Exploitability: 6.8 / Impact: 6.4

Source: NVD

Description

The myuser_delete function in libathemecore/account.c in Atheme 5.x before 5.2.7, 6.x before 6.0.10, and 7.x before 7.0.0-beta2 does not properly clean up CertFP entries when a user is deleted, which allows remote attackers to access a different user account or cause a denial of service (daemon crash) via a login as a deleted user.

Affected (22)

Products: Atheme: Atheme

1 product

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Atheme Atheme	Version 6.0.0
Atheme Atheme	Version 6.0.1
Atheme Atheme	Version 6.0.2
Atheme Atheme	Version 6.0.3
Atheme Atheme	Version 6.0.4
Atheme Atheme	Version 6.0.5
Atheme Atheme	Version 6.0.6
Atheme Atheme	Version 6.0.7
Atheme Atheme	Version 6.0.8
Atheme Atheme	Version 6.0.9

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Atheme Atheme	Version 7.0.0
Atheme Atheme	Version 7.0.0 alpha1
Atheme Atheme	Version 7.0.0 beta1
Atheme Atheme	Version 7.0.0 beta2

Configuration C

8 vulnerable

Vulnerable Software	Affected Versions
Atheme Atheme	Version 5.2.0
Atheme Atheme	Version 5.2.1
Atheme Atheme	Version 5.2.2
Atheme Atheme	Version 5.2.3
Atheme Atheme	Version 5.2.4
Atheme Atheme	Version 5.2.5
Atheme Atheme	Version 5.2.6
Atheme Atheme	Version 5.2.7

Related CWEs

References (18)

http://archives.neohapsis.com/archives/fulldisclosure/2012-03/0248.html

Source: secalert@redhat.com

http://git.atheme.org/atheme/commit/?id=3d9551761db2

Source: secalert@redhat.com

http://jira.atheme.org/browse/SRV-166

Source: secalert@redhat.com

http://secunia.com/advisories/48481

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/50704

Source: secalert@redhat.com

http://security.gentoo.org/glsa/glsa-201209-09.xml

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2012/03/22/3

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2012/03/23/2

Source: secalert@redhat.com

http://www.securityfocus.com/bid/52675

Source: secalert@redhat.com

http://archives.neohapsis.com/archives/fulldisclosure/2012-03/0248.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://git.atheme.org/atheme/commit/?id=3d9551761db2

Source: af854a3a-2127-422b-91ae-364da2661108

http://jira.atheme.org/browse/SRV-166

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/48481

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/50704

Source: af854a3a-2127-422b-91ae-364da2661108

http://security.gentoo.org/glsa/glsa-201209-09.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2012/03/22/3

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2012/03/23/2

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/52675

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.