NVD

Id
43455  
Name
CVE-2012-1576  
Description
The myuser_delete function in libathemecore/account.c in Atheme 5.x before 5.2.7, 6.x before 6.0.10, and 7.x before 7.0.0-beta2 does not properly clean up CertFP entries when a user is deleted, which allows remote attackers to access a different user account or cause a denial of service (daemon crash) via a login as a deleted user.  
Reject
 
CVSS Version
2  
CVSS Score
6  
Severity
Medium  
CVSS Base Score
6  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
6.8  
CVSS Vector
(AV:N/AC:M/Au:S/C:P/I:P/A:P)  
Pub Date
2017-01-19  
Published
2012-10-01  
Modified Date
2013-04-04  
Seq
2012-1576  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
218367 43455 CVE-2012-1576 20120321 atheme.org Security Advisory ASA-2012-03-01: Improper cleanup of CertFP entries may result in undefined behaviour  View
218368 43455 CVE-2012-1576 http://git.atheme.org/atheme/commit/?id=3d9551761db2  View
218369 43455 CVE-2012-1576 http://jira.atheme.org/browse/SRV-166  View
218370 43455 CVE-2012-1576 GLSA-201209-09  View
218371 43455 CVE-2012-1576 [oss-security] 20120321 atheme.org Security Advisory ASA-2012-03-01: Improper cleanup of CertFP entries may result in undefined behaviour  View
218372 43455 CVE-2012-1576 [oss-security] 20120322 Re: atheme.org Security Advisory ASA-2012-03-01: Improper cleanup of CertFP entries may result in undefined behaviour  View
218373 43455 CVE-2012-1576 52675  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
28981 JVNDB-2012-004688 Atheme の libathemecore/account.c における異なるユーザにアクセスされる脆弱性 Atheme の libathemecore/account.c 内の myuser_delete 関数は、ユーザが削除される際、CertFP エントリを適切にクリーンアップしないため、異なるユーザにアクセスされる、またはサービス運用妨害 (デーモンクラッシュ) 状態となる脆弱性が存在します。 CVE-2012-1576 54814 CVE-2012-1576 43455 6 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004688.html 2012-10-01 2012-10-03 View