Atheme IRC Services: Denial of Service
Gentoo Linux Security Advisory
GLSA 201209-09 / atheme
September 25, 2012
September 25, 2012: 1
All supported architectures
A vulnerability has been found in Atheme which may lead to Denial
of Service or a bypass of security restrictions.
Atheme is a portable and secure set of open-source and modular IRC
services. CertFP is certificate fingerprinting used to authenticate users.
The “myuser_delete()” function in account.c does not properly remove
CertFP entries when deleting user accounts.
A remote authenticated attacker may be able to cause a Denial of Service
condition or gain access to an Atheme IRC Services user account.
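The C model below is an added illustration of the flaw and impact described above; it is not code from Atheme or from this advisory. It assumes a hypothetical fixed-size account table whose freed slots are recycled, and every name in it is made up for the example. It shows a fingerprint left bound by a flawed delete routine resolving to whichever account next takes the slot, and the corrected routine refusing it.

```c
/* Simplified model built for this example; not Atheme source code. */
#include <stdio.h>
#include <string.h>

#define SLOTS 4
static struct account { int in_use; const char *name; } accounts[SLOTS];
static struct certfp  { int in_use; int owner; const char *fp; } certs[SLOTS];

/* Create an account in the first free slot (freed slots are recycled). */
static int account_add(const char *name) {
    for (int i = 0; i < SLOTS; i++)
        if (!accounts[i].in_use) { accounts[i] = (struct account){1, name}; return i; }
    return -1;
}
/* Bind a certificate fingerprint to an account slot. */
static int certfp_add(int owner, const char *fp) {
    for (int i = 0; i < SLOTS; i++)
        if (!certs[i].in_use) { certs[i] = (struct certfp){1, owner, fp}; return i; }
    return -1;
}
/* Flawed deletion: releases the account but leaves its fingerprints bound. */
static void account_delete_flawed(int slot) { accounts[slot].in_use = 0; }
/* Corrected deletion: unbind every fingerprint the account owns first. */
static void account_delete_fixed(int slot) {
    for (int i = 0; i < SLOTS; i++)
        if (certs[i].in_use && certs[i].owner == slot) certs[i].in_use = 0;
    accounts[slot].in_use = 0;
}
/* Fingerprint login: name of the account the fingerprint resolves to. */
static const char *certfp_login(const char *fp) {
    for (int i = 0; i < SLOTS; i++)
        if (certs[i].in_use && strcmp(certs[i].fp, fp) == 0)
            return accounts[certs[i].owner].in_use ? accounts[certs[i].owner].name : NULL;
    return NULL;
}
/* Delete "alice", let "bob" reuse the slot, replay alice's old fingerprint. */
const char *replay_after_delete(int use_fixed) {
    const char *fp = "AA:BB:CC (constructed fingerprint)";
    memset(accounts, 0, sizeof accounts); memset(certs, 0, sizeof certs);
    int a = account_add("alice");
    certfp_add(a, fp);
    if (use_fixed) account_delete_fixed(a); else account_delete_flawed(a);
    account_add("bob");
    return certfp_login(fp);   /* account granted, or NULL if refused */
}

int main(void) {
    const char *flawed = replay_after_delete(0), *fixed = replay_after_delete(1);
    printf("flawed: %s, fixed: %s\n", flawed ? flawed : "(refused)", fixed ? fixed : "(refused)");
    return 0;
}
```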
There is no known workaround at this time.
All Atheme users should upgrade to the latest version:
Code Listing 3.1: Resolution
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-irc/atheme-services-6.0.10"