Vulnerability Name:

CVE-2012-1576 (CCN-74236)

Assigned:2012-03-20
Published:2012-03-20
Updated:2013-04-05
Summary:The myuser_delete function in libathemecore/account.c in Atheme 5.x before 5.2.7, 6.x before 6.0.10, and 7.x before 7.0.0-beta2 does not properly clean up CertFP entries when a user is deleted, which allows remote attackers to access a different user account or cause a denial of service (daemon crash) via a login as a deleted user.
CVSS v3 Severity:6.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): High
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): Low
Availibility (A): High
CVSS v2 Severity:6.0 Medium (CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P)
4.4 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:M/C:C/I:P/A:C)
5.6 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:M/C:C/I:P/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): Multiple_Instances
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Partial
Availibility (A): Complete
Vulnerability Type:CWE-264
Vulnerability Consequences:Bypass Security
References:Source: CCN
Type: Full-disclosure Mailing List, Wed Mar 21 2012
atheme.org Security Advisory ASA-2012-03-01: Improper cleanup of CertFP entries may result in undefined behaviour

Source: FULLDISC
Type: UNKNOWN
20120321 atheme.org Security Advisory ASA-2012-03-01: Improper cleanup of CertFP entries may result in undefined behaviour

Source: MITRE
Type: CNA
CVE-2012-1576

Source: CONFIRM
Type: UNKNOWN
http://git.atheme.org/atheme/commit/?id=3d9551761db2

Source: CONFIRM
Type: UNKNOWN
http://jira.atheme.org/browse/SRV-166

Source: CCN
Type: SA48481
Atheme "myuser_delete()" Certificate Fingerprint Handling Vulnerability

Source: SECUNIA
Type: Vendor Advisory
48481

Source: SECUNIA
Type: UNKNOWN
50704

Source: GENTOO
Type: UNKNOWN
GLSA-201209-09

Source: CCN
Type: Atheme Web site
Atheme

Source: MLIST
Type: UNKNOWN
[oss-security] 20120321 atheme.org Security Advisory ASA-2012-03-01: Improper cleanup of CertFP entries may result in undefined behaviour

Source: MLIST
Type: UNKNOWN
[oss-security] 20120322 Re: atheme.org Security Advisory ASA-2012-03-01: Improper cleanup of CertFP entries may result in undefined behaviour

Source: CCN
Type: OSVDB ID: 80308
Atheme libathemecore/account.c myuser_delete() Function Certificate Fingerprint Deletion Remote DoS

Source: BID
Type: UNKNOWN
52675

Source: CCN
Type: BID-52675
Atheme IRC Services 'mycertfp_delete()' Function Security Bypass Vulnerability

Source: XF
Type: UNKNOWN
atheme-myuserdelete-sec-bypass(74236)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:atheme:atheme:6.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:atheme:atheme:6.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:atheme:atheme:6.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:atheme:atheme:6.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:atheme:atheme:6.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:atheme:atheme:6.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:atheme:atheme:6.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:atheme:atheme:6.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:atheme:atheme:6.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:atheme:atheme:6.0.9:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/a:atheme:atheme:7.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:atheme:atheme:7.0.0:alpha1:*:*:*:*:*:*
  • OR cpe:/a:atheme:atheme:7.0.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:atheme:atheme:7.0.0:beta2:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/a:atheme:atheme:5.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:atheme:atheme:5.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:atheme:atheme:5.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:atheme:atheme:5.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:atheme:atheme:5.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:atheme:atheme:5.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:atheme:atheme:5.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:atheme:atheme:5.2.7:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:atheme:atheme:5.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:atheme:atheme:6.0.9:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    atheme atheme 6.0.0
    atheme atheme 6.0.1
    atheme atheme 6.0.2
    atheme atheme 6.0.3
    atheme atheme 6.0.4
    atheme atheme 6.0.5
    atheme atheme 6.0.6
    atheme atheme 6.0.7
    atheme atheme 6.0.8
    atheme atheme 6.0.9
    atheme atheme 7.0.0
    atheme atheme 7.0.0 alpha1
    atheme atheme 7.0.0 beta1
    atheme atheme 7.0.0 beta2
    atheme atheme 5.2.0
    atheme atheme 5.2.1
    atheme atheme 5.2.2
    atheme atheme 5.2.3
    atheme atheme 5.2.4
    atheme atheme 5.2.5
    atheme atheme 5.2.6
    atheme atheme 5.2.7
    atheme atheme 5.2.6
    atheme atheme 6.0.9