Required CVE Record Information
Description
The m_authenticate function in modules/m_sasl.c in Charybdis before 3.5.3 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter.
References 6 Total
- https://github.com/charybdis-ircd/charybdis/commit/818a3fda944b26d4814132cee14cfda4ea4aa824
- debian.org: DSA-3661 (vendor-advisory)
- https://github.com/charybdis-ircd/charybdis/blob/charybdis-3.5.3/NEWS.md
- securityfocus.com: 92761 (vdb-entry)
- openwall.com: [oss-security] 20160905 Re: CVE ID request: certificate spoofing through crafted SASL message in inspircd, charybdis (mailing-list)
- openwall.com: [oss-security] 20160904 CVE ID request: certificate spoofing through crafted SASL message in inspircd, charybdis (mailing-list)
This container includes required additional information provided by the CVE Program for this vulnerability.
References 6 Total
- https://github.com/charybdis-ircd/charybdis/commit/818a3fda944b26d4814132cee14cfda4ea4aa824 (x_transferred)
- debian.org: DSA-3661 (vendor-advisory, x_transferred)
- https://github.com/charybdis-ircd/charybdis/blob/charybdis-3.5.3/NEWS.md (x_transferred)
- securityfocus.com: 92761 (vdb-entry, x_transferred)
- openwall.com: [oss-security] 20160905 Re: CVE ID request: certificate spoofing through crafted SASL message in inspircd, charybdis (mailing-list, x_transferred)
- openwall.com: [oss-security] 20160904 CVE ID request: certificate spoofing through crafted SASL message in inspircd, charybdis (mailing-list, x_transferred)