View at Official ubuntu advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2012-1576 low priority: Ubuntu including 1 source packages (atheme-services), 10 status rows across 10 suites (hardy, lucid, maverick, natty, oneiric, precise, quantal, raring, saucy, upstream): DNE 5, ignored 2, not-affected 2, released 1.
The myuser_delete function in libathemecore/account.c in Atheme 5.x before 5.2.7, 6.x before 6.0.10, and 7.x before 7.0.0-beta2 does not properly clean up CertFP entries when a user is deleted, which allows remote attackers to access a different user account or cause a denial of service (daemon crash) via a login as a deleted user.