ubuntu · CVE-2012-1576

Quick triage

Priority: low Published: 2012-10-01 20:55:00 UTC Updated: 2024-07-24 15:57:39 UTC

View at Official ubuntu advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2012-1576 low priority: Ubuntu including 1 source packages (atheme-services), 10 status rows across 10 suites (hardy, lucid, maverick, natty, oneiric, precise, quantal, raring, saucy, upstream): DNE 5, ignored 2, not-affected 2, released 1.

Description:

The myuser_delete function in libathemecore/account.c in Atheme 5.x before 5.2.7, 6.x before 6.0.10, and 7.x before 7.0.0-beta2 does not properly clean up CertFP entries when a user is deleted, which allows remote attackers to access a different user account or cause a denial of service (daemon crash) via a login as a deleted user.

cvelogic Threat Intelligence