Date: Mon, 26 Sep 2016 01:43:27 -0400 (EDT) From: cve-assign@...re.org To: carnil@...ian.org Cc: cve-assign@...re.org, oss-security@...ts.openwall.com Subject: Re: CVE Request: irssi: information disclosure vulnerabilit in buf.pl -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 > An information disclosure vulnerability in the buf.pl script > > https://irssi.org/2016/09/22/buf.pl-update/ > https://bugs.debian.org/838762 > https://github.com/irssi/scripts.irssi.org/commit/f1b1eb154baa684fad5d65bf4dff79c8ded8b65a >>> This patch sets a safer umask of 077 for the scrollbuffer dump, and will >>> remove the temporary file after use to further reduce the attack surface. >> Other users on the same machine may be able to retrieve the whole >> window contents after /UPGRADE when the buf.pl script is loaded. >> Furthermore, this dump of the windows contents is never removed >> afterwards. >> >> Since buf.pl is also an Irssi core script and we recommended its use >> to retain your window content, many people could potentially be >> affected by this. >> buf.pl restores the scrollbuffer between upgrades by writing the >> contents to a file, and reading that after the new process was >> spawned. Through that file, the contents of (private) chat >> conversations may leak to other users. >> >> Mitigating facts >> >> Careful users with a limited umask (e.g. 077) are not affected by this >> bug. However, most Linux systems default to a umask of 022, meaning >> that files written without further restricting the permissions, are >> readable by any user. Use CVE-2016-7553. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJX6LTCAAoJEHb/MwWLVhi2zq8P/jv2PkFRxBcw1jgDgBMydNuc +50A3BrF0Uj83eta6SaLs/oh794JIPBAK4oLo4qQ4y1wF/BTHHH3euawbh+OwTYU Uz2LN6tCne6lc/Aig0qdbzrTAYVaLiHX5q7LTP34N7yrVfxtKhoxN15wePu+i4I1 uWmu7UfmowJrORf1hOQajrLtYXgowVpXFjCSju7ZedvM6vJ4yEUFym+UHh+Smasv tLfTDDdyvquKKdyKNKpbTYjvaS5YB109a4+doacyziBbnXH3PR8P97ZiNK6MrBs4 dfwSV+gfdoTEAyHqg5k49G/EEWM5TgxIPz9ve5SZkTmKLQZ0irWEQOekeTy0Z2XL nkqu8Ns/mPMe0wP1yvo5NXo8m8aoPpvhuZBxdLU+oHPFM4USn3N00N23qx8Al7VG cYblMi1b/+w9gzGbV7JpyESDyf2e1eYMt96Lqi5Rv5WzOp0vLlFzJBDGn1fvr7ci QUldD1AMQ8eqkaYcNJ1tq+4uydDj/Vh8huc/HxDS02Bevma4Kx/xHriX8c7nS0Yp +gvhxU+xOK56M0Ab2JgcI/Q65He1O3VVrlbpIlPZRv8kPIn61IrYZSW0A25DcFcm eF8SKi8i1u9/kXZayDAve+aspQfaYwozABrqI5V+b3KHSs/jo/7JThMqk1/5g4XY oG0zGz58jhOzLNlu3Hgs =g0/I -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ