CVE-2016-7142

Опубликовано: 26 сент. 2016

Источник: nvd

CVSS3: 5.9

CVSS2: 4.3

EPSS Низкий

Описание

The m_sasl module in InspIRCd before 2.0.23, when used with a service that supports SASL_EXTERNAL authentication, allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted SASL message.

Ссылки

http://www.debian.org/security/2016/dsa-3662
Third Party Advisory
http://www.inspircd.org/2016/09/03/v2023-released.html
Release Notes
Vendor Advisory
http://www.openwall.com/lists/oss-security/2016/09/04/3
http://www.openwall.com/lists/oss-security/2016/09/05/8
Third Party Advisory
https://github.com/inspircd/inspircd/commit/74fafb7f11b06747f69f182ad5e3769b665eea7a
http://www.debian.org/security/2016/dsa-3662
Third Party Advisory
http://www.inspircd.org/2016/09/03/v2023-released.html
Release Notes
Vendor Advisory
http://www.openwall.com/lists/oss-security/2016/09/04/3
http://www.openwall.com/lists/oss-security/2016/09/05/8
Third Party Advisory
https://github.com/inspircd/inspircd/commit/74fafb7f11b06747f69f182ad5e3769b665eea7a

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:inspircd:inspircd:*:*:*:*:*:*:*:*

Версия до 2.0.22 (включая)

Конфигурация 2

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

EPSS

Процентиль: 34%

0.00138

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

CVE-2016-7142

CVSS3: 5.9

ubuntu

больше 9 лет назад

CVE-2016-7142

CVSS3: 5.9

debian

больше 9 лет назад

The m_sasl module in InspIRCd before 2.0.23, when used with a service ...

GHSA-2vvc-952f-f8xg

CVSS3: 5.9

github

больше 3 лет назад

EPSS

Процентиль: 34%

0.00138

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-264