Vulnerabilities

CVE-2012-1576

by Fred · 01/10/2012

The myuser_delete function in libathemecore/account.c in Atheme 5.x before 5.2.7, 6.x before 6.0.10, and 7.x before 7.0.0-beta2 does not properly clean up CertFP entries when a user is deleted, which allows remote attackers to access a different user account or cause a denial of service (daemon crash) via a login as a deleted user.

Date published : 2012-10-01

http://www.securityfocus.com/bid/52675

http://git.atheme.org/atheme/commit/?id=3d9551761db2

Similar

Tags: Cybersecurity Alert