6 vulnerabilities by atheme
CVE-2024-27508 (GCVE-0-2024-27508)
Vulnerability from cvelistv5 – Published: 2024-02-27 00:00 – Updated: 2024-08-29 15:01
Summary
Atheme 7.2.12 contains a memory leak vulnerability in /atheme/src/crypto-benchmark/main.c.
Severity
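7.5 (High) – CVSS 3.1 base score (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), supplied by the CISA-ADP container; the CNA (mitre) container in this record carries no score.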
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-401 - Missing Release of Memory after Effective Lifetime
Assigner: mitre
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:34:52.304Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/LuMingYinDetect/Atheme_defects/blob/main/Atheme_detect_1.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:atheme:atheme:7.2.12:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "atheme",
"vendor": "atheme",
"versions": [
{
"status": "affected",
"version": "7.2.12"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-27508",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-28T20:01:44.997880Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T15:01:56.327Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Atheme 7.2.12 contains a memory leak vulnerability in /atheme/src/crypto-benchmark/main.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-27T15:37:00.707Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/LuMingYinDetect/Atheme_defects/blob/main/Atheme_detect_1.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-27508",
"datePublished": "2024-02-27T00:00:00.000Z",
"dateReserved": "2024-02-26T00:00:00.000Z",
"dateUpdated": "2024-08-29T15:01:56.327Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24976 (GCVE-0-2022-24976)
Vulnerability from cvelistv5 – Published: 2022-02-13 06:20 – Updated: 2024-08-03 04:29
Summary
Atheme IRC Services before 7.2.12, when used in conjunction with InspIRCd, allows authentication bypass by ending an IRC handshake at a certain point during a challenge-response login sequence.
Severity
No CVSS data available.
CWE
- n/a
Assigner: mitre
References
3 references
| URL | Tags |
|---|---|
| https://www.openwall.com/lists/oss-security/2022/01/30/4 | x_refsource_MISC |
| https://github.com/atheme/atheme/commit/4e664c75d0b280a052eb8b5e81aa41944e593c52 | x_refsource_MISC |
| https://github.com/atheme/atheme/compare/v7.2.11...v7.2.12 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:29:01.643Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2022/01/30/4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/atheme/atheme/commit/4e664c75d0b280a052eb8b5e81aa41944e593c52"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/atheme/atheme/compare/v7.2.11...v7.2.12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Atheme IRC Services before 7.2.12, when used in conjunction with InspIRCd, allows authentication bypass by ending an IRC handshake at a certain point during a challenge-response login sequence."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-13T06:20:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2022/01/30/4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/atheme/atheme/commit/4e664c75d0b280a052eb8b5e81aa41944e593c52"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/atheme/atheme/compare/v7.2.11...v7.2.12"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-24976",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Atheme IRC Services before 7.2.12, when used in conjunction with InspIRCd, allows authentication bypass by ending an IRC handshake at a certain point during a challenge-response login sequence."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openwall.com/lists/oss-security/2022/01/30/4",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2022/01/30/4"
},
{
"name": "https://github.com/atheme/atheme/commit/4e664c75d0b280a052eb8b5e81aa41944e593c52",
"refsource": "MISC",
"url": "https://github.com/atheme/atheme/commit/4e664c75d0b280a052eb8b5e81aa41944e593c52"
},
{
"name": "https://github.com/atheme/atheme/compare/v7.2.11...v7.2.12",
"refsource": "MISC",
"url": "https://github.com/atheme/atheme/compare/v7.2.11...v7.2.12"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-24976",
"datePublished": "2022-02-13T06:20:02.000Z",
"dateReserved": "2022-02-13T00:00:00.000Z",
"dateUpdated": "2024-08-03T04:29:01.643Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6384 (GCVE-0-2017-6384)
Vulnerability from cvelistv5 – Published: 2017-03-02 06:00 – Updated: 2024-08-05 15:25
Summary
Memory leak in the login_user function in saslserv/main.c in saslserv/main.so in Atheme 7.2.7 allows a remote unauthenticated attacker to consume memory and cause a denial of service. This is fixed in 7.2.8.
Severity
No CVSS data available.
CWE
- n/a
Assigner: mitre
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/96552 | vdb-entry, x_refsource_BID |
| https://github.com/atheme/atheme/releases/tag/v7.2.8 | x_refsource_CONFIRM |
| https://github.com/atheme/atheme/pull/539 | x_refsource_CONFIRM |
Date Public
2017-03-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:25:49.253Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96552",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96552"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/atheme/atheme/releases/tag/v7.2.8"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/atheme/atheme/pull/539"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Memory leak in the login_user function in saslserv/main.c in saslserv/main.so in Atheme 7.2.7 allows a remote unauthenticated attacker to consume memory and cause a denial of service. This is fixed in 7.2.8."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-06T10:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "96552",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96552"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/atheme/atheme/releases/tag/v7.2.8"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/atheme/atheme/pull/539"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6384",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in the login_user function in saslserv/main.c in saslserv/main.so in Atheme 7.2.7 allows a remote unauthenticated attacker to consume memory and cause a denial of service. This is fixed in 7.2.8."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96552",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96552"
},
{
"name": "https://github.com/atheme/atheme/releases/tag/v7.2.8",
"refsource": "CONFIRM",
"url": "https://github.com/atheme/atheme/releases/tag/v7.2.8"
},
{
"name": "https://github.com/atheme/atheme/pull/539",
"refsource": "CONFIRM",
"url": "https://github.com/atheme/atheme/pull/539"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6384",
"datePublished": "2017-03-02T06:00:00.000Z",
"dateReserved": "2017-02-28T00:00:00.000Z",
"dateUpdated": "2024-08-05T15:25:49.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4478 (GCVE-0-2016-4478)
Vulnerability from cvelistv5 – Published: 2016-06-13 19:00 – Updated: 2024-08-06 00:32
Summary
Buffer overflow in the xmlrpc_char_encode function in modules/transport/xmlrpc/xmlrpclib.c in Atheme before 7.2.7 allows remote attackers to cause a denial of service via vectors related to XMLRPC response encoding.
Severity
No CVSS data available.
CWE
- n/a
Assigner: mitre
References
5 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2016/05/03/1 | mailing-list, x_refsource_MLIST |
| https://github.com/atheme/atheme/commit/87580d767868360d2fed503980129504da84b63e | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-updates/2016-05/msg00061.html | vendor-advisory, x_refsource_SUSE |
| http://www.debian.org/security/2016/dsa-3586 | vendor-advisory, x_refsource_DEBIAN |
| http://www.openwall.com/lists/oss-security/2016/05/02/2 | mailing-list, x_refsource_MLIST |
Date Public
2016-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:32:25.411Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20160503 Re: CVE request: atheme: security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/03/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/atheme/atheme/commit/87580d767868360d2fed503980129504da84b63e"
},
{
"name": "openSUSE-SU-2016:1312",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00061.html"
},
{
"name": "DSA-3586",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3586"
},
{
"name": "[oss-security] 20160502 CVE request: atheme: security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/02/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the xmlrpc_char_encode function in modules/transport/xmlrpc/xmlrpclib.c in Atheme before 7.2.7 allows remote attackers to cause a denial of service via vectors related to XMLRPC response encoding."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-06-15T11:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20160503 Re: CVE request: atheme: security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/03/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/atheme/atheme/commit/87580d767868360d2fed503980129504da84b63e"
},
{
"name": "openSUSE-SU-2016:1312",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00061.html"
},
{
"name": "DSA-3586",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3586"
},
{
"name": "[oss-security] 20160502 CVE request: atheme: security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/02/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4478",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the xmlrpc_char_encode function in modules/transport/xmlrpc/xmlrpclib.c in Atheme before 7.2.7 allows remote attackers to cause a denial of service via vectors related to XMLRPC response encoding."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160503 Re: CVE request: atheme: security fixes",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/03/1"
},
{
"name": "https://github.com/atheme/atheme/commit/87580d767868360d2fed503980129504da84b63e",
"refsource": "CONFIRM",
"url": "https://github.com/atheme/atheme/commit/87580d767868360d2fed503980129504da84b63e"
},
{
"name": "openSUSE-SU-2016:1312",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00061.html"
},
{
"name": "DSA-3586",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3586"
},
{
"name": "[oss-security] 20160502 CVE request: atheme: security fixes",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/02/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-4478",
"datePublished": "2016-06-13T19:00:00.000Z",
"dateReserved": "2016-05-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:32:25.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9773 (GCVE-0-2014-9773)
Vulnerability from cvelistv5 – Published: 2016-06-13 19:00 – Updated: 2024-08-06 13:55
Summary
modules/chanserv/flags.c in Atheme before 7.2.7 allows remote attackers to modify the Anope FLAGS behavior by registering and dropping the (1) LIST, (2) CLEAR, or (3) MODIFY keyword nicks.
Severity
No CVSS data available.
CWE
- n/a
Assigner: mitre
References
5 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2016/05/03/1 | mailing-list, x_refsource_MLIST |
| https://github.com/atheme/atheme/issues/397 | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-updates/2016-05/msg00061.html | vendor-advisory, x_refsource_SUSE |
| https://github.com/atheme/atheme/commit/c597156adc60a45b5f827793cd420945f47bc03b | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2016/05/02/2 | mailing-list, x_refsource_MLIST |
Date Public
2014-11-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:55:04.610Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20160503 Re: CVE request: atheme: security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/03/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/atheme/atheme/issues/397"
},
{
"name": "openSUSE-SU-2016:1312",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00061.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/atheme/atheme/commit/c597156adc60a45b5f827793cd420945f47bc03b"
},
{
"name": "[oss-security] 20160502 CVE request: atheme: security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/02/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "modules/chanserv/flags.c in Atheme before 7.2.7 allows remote attackers to modify the Anope FLAGS behavior by registering and dropping the (1) LIST, (2) CLEAR, or (3) MODIFY keyword nicks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-06-13T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20160503 Re: CVE request: atheme: security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/03/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/atheme/atheme/issues/397"
},
{
"name": "openSUSE-SU-2016:1312",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00061.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/atheme/atheme/commit/c597156adc60a45b5f827793cd420945f47bc03b"
},
{
"name": "[oss-security] 20160502 CVE request: atheme: security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/02/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9773",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "modules/chanserv/flags.c in Atheme before 7.2.7 allows remote attackers to modify the Anope FLAGS behavior by registering and dropping the (1) LIST, (2) CLEAR, or (3) MODIFY keyword nicks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160503 Re: CVE request: atheme: security fixes",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/03/1"
},
{
"name": "https://github.com/atheme/atheme/issues/397",
"refsource": "CONFIRM",
"url": "https://github.com/atheme/atheme/issues/397"
},
{
"name": "openSUSE-SU-2016:1312",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00061.html"
},
{
"name": "https://github.com/atheme/atheme/commit/c597156adc60a45b5f827793cd420945f47bc03b",
"refsource": "CONFIRM",
"url": "https://github.com/atheme/atheme/commit/c597156adc60a45b5f827793cd420945f47bc03b"
},
{
"name": "[oss-security] 20160502 CVE request: atheme: security fixes",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/02/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9773",
"datePublished": "2016-06-13T19:00:00.000Z",
"dateReserved": "2016-05-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T13:55:04.610Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1576 (GCVE-0-2012-1576)
Vulnerability from cvelistv5 – Published: 2012-10-01 20:00 – Updated: 2024-08-06 19:01
Summary
The myuser_delete function in libathemecore/account.c in Atheme 5.x before 5.2.7, 6.x before 6.0.10, and 7.x before 7.0.0-beta2 does not properly clean up CertFP entries when a user is deleted, which allows remote attackers to access a different user account or cause a denial of service (daemon crash) via a login as a deleted user.
Severity
No CVSS data available.
CWE
- n/a
Assigner: redhat
References
9 references
| URL | Tags |
|---|---|
| http://security.gentoo.org/glsa/glsa-201209-09.xml | vendor-advisory, x_refsource_GENTOO |
| http://www.openwall.com/lists/oss-security/2012/03/23/2 | mailing-list, x_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2012/03/22/3 | mailing-list, x_refsource_MLIST |
| http://archives.neohapsis.com/archives/fulldisclosure/2012-03/0248.html | mailing-list, x_refsource_FULLDISC |
| http://secunia.com/advisories/50704 | third-party-advisory, x_refsource_SECUNIA |
| http://jira.atheme.org/browse/SRV-166 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/52675 | vdb-entry, x_refsource_BID |
| http://secunia.com/advisories/48481 | third-party-advisory, x_refsource_SECUNIA |
| http://git.atheme.org/atheme/commit/?id=3d9551761db2 | x_refsource_CONFIRM |
Date Public
2012-03-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:01:02.570Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201209-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-09.xml"
},
{
"name": "[oss-security] 20120322 Re: atheme.org Security Advisory ASA-2012-03-01: Improper cleanup of CertFP entries may result in undefined behaviour",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/23/2"
},
{
"name": "[oss-security] 20120321 atheme.org Security Advisory ASA-2012-03-01: Improper cleanup of CertFP entries may result in undefined behaviour",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/22/3"
},
{
"name": "20120321 atheme.org Security Advisory ASA-2012-03-01: Improper cleanup of CertFP entries may result in undefined behaviour",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-03/0248.html"
},
{
"name": "50704",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50704"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://jira.atheme.org/browse/SRV-166"
},
{
"name": "52675",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52675"
},
{
"name": "48481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48481"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.atheme.org/atheme/commit/?id=3d9551761db2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The myuser_delete function in libathemecore/account.c in Atheme 5.x before 5.2.7, 6.x before 6.0.10, and 7.x before 7.0.0-beta2 does not properly clean up CertFP entries when a user is deleted, which allows remote attackers to access a different user account or cause a denial of service (daemon crash) via a login as a deleted user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-02T10:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "GLSA-201209-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-09.xml"
},
{
"name": "[oss-security] 20120322 Re: atheme.org Security Advisory ASA-2012-03-01: Improper cleanup of CertFP entries may result in undefined behaviour",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/23/2"
},
{
"name": "[oss-security] 20120321 atheme.org Security Advisory ASA-2012-03-01: Improper cleanup of CertFP entries may result in undefined behaviour",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/22/3"
},
{
"name": "20120321 atheme.org Security Advisory ASA-2012-03-01: Improper cleanup of CertFP entries may result in undefined behaviour",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-03/0248.html"
},
{
"name": "50704",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50704"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://jira.atheme.org/browse/SRV-166"
},
{
"name": "52675",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52675"
},
{
"name": "48481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48481"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.atheme.org/atheme/commit/?id=3d9551761db2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1576",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The myuser_delete function in libathemecore/account.c in Atheme 5.x before 5.2.7, 6.x before 6.0.10, and 7.x before 7.0.0-beta2 does not properly clean up CertFP entries when a user is deleted, which allows remote attackers to access a different user account or cause a denial of service (daemon crash) via a login as a deleted user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201209-09",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201209-09.xml"
},
{
"name": "[oss-security] 20120322 Re: atheme.org Security Advisory ASA-2012-03-01: Improper cleanup of CertFP entries may result in undefined behaviour",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/23/2"
},
{
"name": "[oss-security] 20120321 atheme.org Security Advisory ASA-2012-03-01: Improper cleanup of CertFP entries may result in undefined behaviour",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/22/3"
},
{
"name": "20120321 atheme.org Security Advisory ASA-2012-03-01: Improper cleanup of CertFP entries may result in undefined behaviour",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-03/0248.html"
},
{
"name": "50704",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50704"
},
{
"name": "http://jira.atheme.org/browse/SRV-166",
"refsource": "CONFIRM",
"url": "http://jira.atheme.org/browse/SRV-166"
},
{
"name": "52675",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52675"
},
{
"name": "48481",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48481"
},
{
"name": "http://git.atheme.org/atheme/commit/?id=3d9551761db2",
"refsource": "CONFIRM",
"url": "http://git.atheme.org/atheme/commit/?id=3d9551761db2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-1576",
"datePublished": "2012-10-01T20:00:00.000Z",
"dateReserved": "2012-03-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:01:02.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}