Date: Sat, 24 Sep 2016 15:44:19 +0200 From: Salvatore Bonaccorso <carnil@...ian.org> To: OSS Security Mailinglist <oss-security@...ts.openwall.com> Subject: CVE Request: irssi: information disclosure vulnerabilit in buf.pl Hi An information disclosure vulnerability in the buf.pl script provided by irssi, a terminal based IRC client has been found. Quoting the advisory at: https://irssi.org/2016/09/22/buf.pl-update/ ] > buf.pl update available > > Posted on September 22^nd 2016 > > An information disclosure vulnerability was found, reported and fixed > in the buf.pl script by its author. > > CWE Classification: CWE-732, CWE-538 > > Impact > > Other users on the same machine may be able to retrieve the whole > window contents after /UPGRADE when the buf.pl script is loaded. > Furthermore, this dump of the windows contents is never removed > afterwards. > > Since buf.pl is also an Irssi core script and we recommended its use > to retain your window content, many people could potentially be > affected by this. > > Remote users may be able to retrieve these contents when combined with > other path traversal vulnerabilities in public facing services on that > machine. > > Detailed analysis > > buf.pl restores the scrollbuffer between “/upgrade”s by writing the > contents to a file, and reading that after the new process was > spawned. Through that file, the contents of (private) chat > conversations may leak to other users. > > Mitigating facts > > Careful users with a limited umask (e.g. 077) are not affected by this > bug. However, most Linux systems default to a umask of 022, meaning > that files written without further restricting the permissions, are > readable by any user. > > Affected versions > > All up to 2.13 > > Fixed versions > > buf.pl 2.20 > > Resolution > > Update the buf.pl script with the latest version from scripts.irssi.org. Upstream fix: https://github.com/irssi/scripts.irssi.org/commit/f1b1eb154baa684fad5d65bf4dff79c8ded8b65a Debian Bug report: https://bugs.debian.org/838762 Could a CVE be assigned for this issue? Regards, Salvatore
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ