CVE-2014-9773

Published: Jun 13, 2016Modified: May 6, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

modules/chanserv/flags.c in Atheme before 7.2.7 allows remote attackers to modify the Anope FLAGS behavior by registering and dropping the (1) LIST, (2) CLEAR, or (3) MODIFY keyword nicks.

Affected (3)

Products: Opensuse: Leap, Opensuse · Atheme: Atheme

2 products

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 42.1
Opensuse Opensuse	Version 13.2

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Atheme Atheme	Up to 7.2.6

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (10)

http://lists.opensuse.org/opensuse-updates/2016-05/msg00061.html

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2016/05/02/2

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2016/05/03/1

Source: cve@mitre.org

https://github.com/atheme/atheme/commit/c597156adc60a45b5f827793cd420945f47bc03b

Source: cve@mitre.org

Vendor Advisory

https://github.com/atheme/atheme/issues/397

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-updates/2016-05/msg00061.html