The buf.pl script before 2.20 in Irssi before 0.8.20 uses weak permissions for the scrollbuffer dump file created between upgrades, which might allow local users to obtain sensitive information from private chat conversations by reading the file.
References
Configurations
History
21 Nov 2024, 02:58
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.openwall.com/lists/oss-security/2016/09/24/1 - Mailing List, Patch | |
References | () http://www.openwall.com/lists/oss-security/2016/09/26/4 - Mailing List, Patch | |
References | () http://www.securityfocus.com/bid/93155 - Third Party Advisory, VDB Entry | |
References | () https://github.com/irssi/scripts.irssi.org/commit/f1b1eb154baa684fad5d65bf4dff79c8ded8b65a - Patch | |
References | () https://irssi.org/security/buf_pl_sa_2016.txt - Patch, Vendor Advisory | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7OM3WHWQ7RIAOZSOZZUM4CUYGKSIAGJJ/ - |
07 Nov 2023, 02:34
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2017-02-27 22:59
Updated : 2024-11-21 02:58
NVD link : CVE-2016-7553
Mitre link : CVE-2016-7553
CVE.ORG link : CVE-2016-7553
JSON object : View
Products Affected
irssi
- buf.pl
CWE
CWE-275
Permission Issues