CVE-2022-24976

Опубликовано: 14 фев. 2022

Источник: debian

Описание

Atheme IRC Services before 7.2.12, when used in conjunction with InspIRCd, allows authentication bypass by ending an IRC handshake at a certain point during a challenge-response login sequence.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
atheme-services	fixed	7.2.12-1		package
atheme-services	no-dsa		bullseye	package
atheme-services	no-dsa		buster	package
atheme-services	postponed		stretch	package

Примечания

https://www.openwall.com/lists/oss-security/2022/01/30/4
https://github.com/atheme/atheme/commit/4e664c75d0b280a052eb8b5e81aa41944e593c52

Связанные уязвимости

CVE-2022-24976

CVSS3: 9.1

ubuntu

почти 4 года назад

Atheme IRC Services before 7.2.12, when used in conjunction with InspIRCd, allows authentication bypass by ending an IRC handshake at a certain point during a challenge-response login sequence.

CVE-2022-24976

CVSS3: 9.1

nvd

почти 4 года назад

Atheme IRC Services before 7.2.12, when used in conjunction with InspIRCd, allows authentication bypass by ending an IRC handshake at a certain point during a challenge-response login sequence.

openSUSE-SU-2022:10019-1

suse-cvrf

больше 3 лет назад

Security update for atheme

openSUSE-SU-2022:10018-1

suse-cvrf

больше 3 лет назад

Security update for atheme

GHSA-3fv4-6wvg-x83x

github

почти 4 года назад

Atheme IRC Services before 7.2.12, when used in conjunction with InspIRCd, allows authentication bypass by ending an IRC handshake at a certain point during a challenge-response login sequence.