The buf.pl script before 2.20 in Irssi before 0.8.20 uses weak permissions for the scrollbuffer dump file created between upgrades, which might allow local users to obtain sensitive information from private chat conversations by reading the file.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2016/09/24/1 | Mailing List Patch |
http://www.openwall.com/lists/oss-security/2016/09/26/4 | Mailing List Patch |
http://www.securityfocus.com/bid/93155 | Third Party Advisory VDB Entry |
https://github.com/irssi/scripts.irssi.org/commit/f1b1eb154baa684fad5d65bf4dff79c8ded8b65a | Patch |
https://irssi.org/security/buf_pl_sa_2016.txt | Patch Vendor Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7OM3WHWQ7RIAOZSOZZUM4CUYGKSIAGJJ/ |
Configurations
History
07 Nov 2023, 02:34
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2017-02-27 22:59
Updated : 2024-02-28 15:44
NVD link : CVE-2016-7553
Mitre link : CVE-2016-7553
CVE.ORG link : CVE-2016-7553
JSON object : View
Products Affected
irssi
- buf.pl
CWE
CWE-275
Permission Issues