The m_authenticate function in modules/m_sasl.c in Charybdis before 3.5.3 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter.
[
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"307977163491788888553282772178121197387",
"173380711908594219357427529785413226173",
"298527943946820592230202928672794915803"
]
},
"id": "CVE-2016-7143-2b66f471",
"source": "https://github.com/charybdis-ircd/charybdis/commit/818a3fda944b26d4814132cee14cfda4ea4aa824",
"signature_type": "Line",
"target": {
"file": "modules/m_sasl.c"
},
"signature_version": "v1",
"deprecated": false
},
{
"digest": {
"length": 1835.0,
"function_hash": "255452577363413129625900170026446147051"
},
"id": "CVE-2016-7143-f0f3bcd6",
"source": "https://github.com/charybdis-ircd/charybdis/commit/818a3fda944b26d4814132cee14cfda4ea4aa824",
"signature_type": "Function",
"target": {
"file": "modules/m_sasl.c",
"function": "m_authenticate"
},
"signature_version": "v1",
"deprecated": false
}
]
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-7143.json"