Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Gentoo: GLSA-201209-09 Moderate: Denial of Service in Atheme IRC Services

gentoo
Calendar Grey September 25, 2012
Dist Gentoo Esm H88
The advisory from Gentoo highlights a vulnerability in Atheme that could lead to a denial of service, urging users to upgrade their systems to mitigate potential risks.
A vulnerability has been found in Atheme which may lead to Denial of Service or a bypass of security restrictions.

Summary

The myuser_delete() function in account.c does not properly remove CertFP entries when deleting user accounts.

Topics%20covered

Topics Covered

security advisory Gentoo security issue service update Denial of Service version upgrade Atheme

Resolution

All Atheme users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-irc/atheme-services-6.0.10"

References

[ 1 ] CVE-2012-1576 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1576

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201209-09
style>.gentoo_availability{display:block;}

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity: Normal
Title: Atheme IRC Services: Denial of Service
Date: September 25, 2012
Bugs: #409103
ID: 201209-09

Topics%20covered

Topics Covered

security advisory Gentoo security issue service update Denial of Service version upgrade Atheme

Synopsis

A vulnerability has been found in Atheme which may lead to Denial of Service or a bypass of security restrictions.

Background

Atheme is a portable and secure set of open-source and modular IRC services. CertFP is certificate fingerprinting used to authenticate users to nicknames.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-irc/atheme-services < 6.0.10 >= 6.0.10

Impact

===== A remote authenticated attacker may be able to cause a Denial of Service condition or gain access to an Atheme IRC Services user account.

Workaround

There is no known workaround at this time.

Related News

Your message here