Date: Sat, 24 Sep 2016 15:44:19 +0200
From: Salvatore Bonaccorso <carnil@...ian.org>
To: OSS Security Mailinglist <oss-security@...ts.openwall.com>
Subject: CVE Request: irssi: information disclosure vulnerability in buf.pl

Hi

An information disclosure vulnerability in the buf.pl script provided
by irssi, a terminal-based IRC client, has been found. Quoting the
advisory at:

https://irssi.org/2016/09/22/buf.pl-update/

> buf.pl update available
> 
> Posted on September 22nd 2016
> 
> An information disclosure vulnerability was found, reported and fixed
> in the buf.pl script by its author.
> 
> CWE Classification: CWE-732, CWE-538
> 
> Impact
> 
> Other users on the same machine may be able to retrieve the whole
> window contents after /UPGRADE when the buf.pl script is loaded.
> Furthermore, this dump of the windows contents is never removed
> afterwards.
> 
> Since buf.pl is also an Irssi core script and we recommended its use
> to retain your window content, many people could potentially be
> affected by this.
> 
> Remote users may be able to retrieve these contents when combined with
> other path traversal vulnerabilities in public facing services on that
> machine.
> 
> Detailed analysis
> 
> buf.pl restores the scrollbuffer between “/upgrade”s by writing the
> contents to a file, and reading that after the new process was
> spawned. Through that file, the contents of (private) chat
> conversations may leak to other users.
> 
> Mitigating facts
> 
> Careful users with a limited umask (e.g. 077) are not affected by this
> bug.  However, most Linux systems default to a umask of 022, meaning
> that files written without further restricting the permissions are
> readable by any user.
> 
> Affected versions
> 
> All up to 2.13
> 
> Fixed versions
> 
> buf.pl 2.20
> 
> Resolution
> 
> Update the buf.pl script with the latest version from scripts.irssi.org.

Upstream fix:
https://github.com/irssi/scripts.irssi.org/commit/f1b1eb154baa684fad5d65bf4dff79c8ded8b65a

Debian Bug report: https://bugs.debian.org/838762

Could a CVE be assigned for this issue?

Regards,
Salvatore
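
The permission behaviour described in the quoted advisory, as an added example that is not part of the original message and is not the upstream buf.pl fix: a Python sketch comparing a dump file written with default permissions against one created owner-only, under umask 022 and 077, with a check that lists files readable by group or others. The file names, sample content and function names are constructed for illustration.

```python
import os
import stat
import tempfile

SAMPLE = "constructed scrollback line\n"  # constructed sample content

def write_default(path, data):
    """Pattern the advisory describes: permissions are left to the umask."""
    with open(path, "w") as fh:  # requests 0666; the umask strips bits
        fh.write(data)

def write_private(path, data):
    """Create the file owner-only (0600) whatever the umask is.
    O_EXCL refuses a path that already exists, including a planted symlink."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)

def exposed_files(directory):
    """Return {name: mode} for regular files readable by group or others."""
    found = {}
    for entry in os.scandir(directory):
        if entry.is_file(follow_symlinks=False):
            mode = stat.S_IMODE(entry.stat(follow_symlinks=False).st_mode)
            if mode & (stat.S_IRGRP | stat.S_IROTH):
                found[entry.name] = mode
    return found

def demo(umask):
    """Write one dump each way under `umask`; return (modes, exposed)."""
    old = os.umask(umask)
    try:
        with tempfile.TemporaryDirectory() as d:
            # Hypothetical file names, not the path buf.pl uses.
            write_default(os.path.join(d, "dump-default"), SAMPLE)
            write_private(os.path.join(d, "dump-private"), SAMPLE)
            modes = {n: stat.S_IMODE(os.stat(os.path.join(d, n)).st_mode)
                     for n in sorted(os.listdir(d))}
            return modes, exposed_files(d)
    finally:
        os.umask(old)  # restore the caller's umask

if __name__ == "__main__":
    for mask in (0o022, 0o077):
        modes, exposed = demo(mask)
        print(f"umask {mask:03o}:", {n: oct(m) for n, m in modes.items()},
              "exposed:", sorted(exposed))
```

Pointing `exposed_files()` at a directory where scripts write state files gives a quick audit for the CWE-732 condition on an existing system.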
