CVE Vulnerabilities

CVE-2016-7142

Published: Sep 26, 2016 | Modified: Sep 14, 2020
CVSS 3.x
5.9
MEDIUM
Source:
NVD
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

The m_sasl module in InspIRCd before 2.0.23, when used with a service that supports SASL_EXTERNAL authentication, allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted SASL message.

Affected Software

Name Vendor Start Version End Version
Inspircd Inspircd * 2.0.22 (including)
Inspircd Ubuntu artful *
Inspircd Ubuntu esm-apps/xenial *
Inspircd Ubuntu precise *
Inspircd Ubuntu trusty *
Inspircd Ubuntu upstream *
Inspircd Ubuntu xenial *
Inspircd Ubuntu yakkety *
Inspircd Ubuntu zesty *

References