Candidate: CVE-2012-1576
PublicDate: 2012-10-01 20:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1576
 http://www.openwall.com/lists/oss-security/2012/03/22/3
 http://jira.atheme.org/browse/SRV-166
Description:
 The myuser_delete function in libathemecore/account.c in Atheme 5.x before
 5.2.7, 6.x before 6.0.10, and 7.x before 7.0.0-beta2 does not properly
 clean up CertFP entries when a user is deleted, which allows remote
 attackers to access a different user account or cause a denial of service
 (daemon crash) via a login as a deleted user.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_atheme-services:
upstream_atheme-services: released (6.0.10)
hardy_atheme-services: ignored (reached end-of-life)
lucid_atheme-services: ignored (reached end-of-life)
maverick_atheme-services: DNE
natty_atheme-services: DNE
oneiric_atheme-services: DNE
precise_atheme-services: DNE
quantal_atheme-services: DNE
raring_atheme-services: not-affected (6.0.11-1)
saucy_atheme-services: not-affected (6.0.11-1)
devel_atheme-services: not-affected (6.0.11-1)