Joined: 12 May 2004
|Posted: Tue Sep 25, 2012 11:26 am Post subject: [ GLSA 201209-09 ] Atheme IRC Services: Denial of Service
|Gentoo Linux Security Advisory
Title: Atheme IRC Services: Denial of Service (GLSA 201209-09)
Date: September 25, 2012
A vulnerability has been found in Atheme which may lead to Denial
of Service or a bypass of security restrictions.
Atheme is a portable and secure set of open-source and modular IRC
services. CertFP is certificate fingerprinting used to authenticate users
Vulnerable: < 6.0.10
Unaffected: >= 6.0.10
Architectures: All supported architectures
The “myuser_delete()” function in account.c does not properly remove
CertFP entries when deleting user accounts.
A remote authenticated attacker may be able to cause a Denial of Service
condition or gain access to an Atheme IRC Services user account.
There is no known workaround at this time.
All Atheme users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=net-irc/atheme-services-6.0.10"