Описание
The myuser_delete function in libathemecore/account.c in Atheme 5.x before 5.2.7, 6.x before 6.0.10, and 7.x before 7.0.0-beta2 does not properly clean up CertFP entries when a user is deleted, which allows remote attackers to access a different user account or cause a denial of service (daemon crash) via a login as a deleted user.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 6.0.11-1 |
| hardy | ignored | end of life |
| lucid | ignored | end of life |
| maverick | DNE | |
| natty | DNE | |
| oneiric | DNE | |
| precise | DNE | |
| quantal | DNE | |
| raring | not-affected | 6.0.11-1 |
| saucy | not-affected | 6.0.11-1 |
Показывать по
EPSS
6 Medium
CVSS2
Связанные уязвимости
The myuser_delete function in libathemecore/account.c in Atheme 5.x before 5.2.7, 6.x before 6.0.10, and 7.x before 7.0.0-beta2 does not properly clean up CertFP entries when a user is deleted, which allows remote attackers to access a different user account or cause a denial of service (daemon crash) via a login as a deleted user.
The myuser_delete function in libathemecore/account.c in Atheme 5.x before 5.2.7, 6.x before 6.0.10, and 7.x before 7.0.0-beta2 does not properly clean up CertFP entries when a user is deleted, which allows remote attackers to access a different user account or cause a denial of service (daemon crash) via a login as a deleted user.
EPSS
6 Medium
CVSS2