[3.4] charybdis: certificate fingerprint spoofing through crafted SASL messages (CVE-2016-7143)
Incorrect SASL authentication in the Charybdis
IRC server may lead to users impersonating other users.
Fixed in version:
3.5.3
Reference:
http://seclists.org/oss-sec/2016/q3/420
Patch:
https://github.com/charybdis-ircd/charybdis/commit/818a3fda944b26d4814132cee14cfda4ea4aa824
(from redmine: issue id 6140, created on 2016-09-12, closed on 2016-10-14)
- Relations:
- parent #6138 (closed)