Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 26 Sep 2016 01:43:27 -0400 (EDT)
From: cve-assign@...re.org
To: carnil@...ian.org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE Request: irssi: information disclosure vulnerabilit in buf.pl

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> An information disclosure vulnerability in the buf.pl script
> 
> https://irssi.org/2016/09/22/buf.pl-update/
> https://bugs.debian.org/838762
> https://github.com/irssi/scripts.irssi.org/commit/f1b1eb154baa684fad5d65bf4dff79c8ded8b65a

>>> This patch sets a safer umask of 077 for the scrollbuffer dump, and will
>>> remove the temporary file after use to further reduce the attack surface.

>> Other users on the same machine may be able to retrieve the whole
>> window contents after /UPGRADE when the buf.pl script is loaded.
>> Furthermore, this dump of the windows contents is never removed
>> afterwards.
>>
>> Since buf.pl is also an Irssi core script and we recommended its use
>> to retain your window content, many people could potentially be
>> affected by this.

>> buf.pl restores the scrollbuffer between upgrades by writing the
>> contents to a file, and reading that after the new process was
>> spawned. Through that file, the contents of (private) chat
>> conversations may leak to other users.
>>
>> Mitigating facts
>>
>> Careful users with a limited umask (e.g. 077) are not affected by this
>> bug.  However, most Linux systems default to a umask of 022, meaning
>> that files written without further restricting the permissions, are
>> readable by any user.

Use CVE-2016-7553.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJX6LTCAAoJEHb/MwWLVhi2zq8P/jv2PkFRxBcw1jgDgBMydNuc
+50A3BrF0Uj83eta6SaLs/oh794JIPBAK4oLo4qQ4y1wF/BTHHH3euawbh+OwTYU
Uz2LN6tCne6lc/Aig0qdbzrTAYVaLiHX5q7LTP34N7yrVfxtKhoxN15wePu+i4I1
uWmu7UfmowJrORf1hOQajrLtYXgowVpXFjCSju7ZedvM6vJ4yEUFym+UHh+Smasv
tLfTDDdyvquKKdyKNKpbTYjvaS5YB109a4+doacyziBbnXH3PR8P97ZiNK6MrBs4
dfwSV+gfdoTEAyHqg5k49G/EEWM5TgxIPz9ve5SZkTmKLQZ0irWEQOekeTy0Z2XL
nkqu8Ns/mPMe0wP1yvo5NXo8m8aoPpvhuZBxdLU+oHPFM4USn3N00N23qx8Al7VG
cYblMi1b/+w9gzGbV7JpyESDyf2e1eYMt96Lqi5Rv5WzOp0vLlFzJBDGn1fvr7ci
QUldD1AMQ8eqkaYcNJ1tq+4uydDj/Vh8huc/HxDS02Bevma4Kx/xHriX8c7nS0Yp
+gvhxU+xOK56M0Ab2JgcI/Q65He1O3VVrlbpIlPZRv8kPIn61IrYZSW0A25DcFcm
eF8SKi8i1u9/kXZayDAve+aspQfaYwozABrqI5V+b3KHSs/jo/7JThMqk1/5g4XY
oG0zGz58jhOzLNlu3Hgs
=g0/I
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ