Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The myuser_delete function in libathemecore/account.c in Atheme 5.x before 5.2.7, 6.x before 6.0.10, and 7.x before 7.0.0-beta2 does not properly clean up CertFP entries when a user is deleted, which allows remote attackers to access a different user account or cause a denial of service (daemon crash) via a login as a deleted user.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Atheme IRC Services ‘mycertfp_delete()’函数安全绕过漏洞
Vulnerability Description
Atheme是一个可移植的、安全的、开源和模块化的IRC服务集。Gentoo是Gentoo基金会的一套开源的Linux系统。 Atheme IRC Services 5.2.7之前的5.x版本,6.0.10之前的6.x版本,7.0.0-beta2之前的7.x版本中存在安全绕过漏洞,该漏洞源于libathemecore/account.c内的"myuser_delete()"函数没有在删除用户账户后正确移除CertFP条目。攻击者利用该漏洞绕过安全限制并执行未授权操作。
CVSS Information
N/A
Vulnerability Type
N/A