Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 26 Sep 2016 01:43:27 -0400 (EDT)
From: cve-assign@...re.org
To: carnil@...ian.org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE Request: irssi: information disclosure vulnerabilit in buf.pl

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> An information disclosure vulnerability in the buf.pl script
> 
> https://irssi.org/2016/09/22/buf.pl-update/
> https://bugs.debian.org/838762
> https://github.com/irssi/scripts.irssi.org/commit/f1b1eb154baa684fad5d65bf4dff79c8ded8b65a

>>> This patch sets a safer umask of 077 for the scrollbuffer dump, and will
>>> remove the temporary file after use to further reduce the attack surface.

>> Other users on the same machine may be able to retrieve the whole
>> window contents after /UPGRADE when the buf.pl script is loaded.
>> Furthermore, this dump of the windows contents is never removed
>> afterwards.
>>
>> Since buf.pl is also an Irssi core script and we recommended its use
>> to retain your window content, many people could potentially be
>> affected by this.

>> buf.pl restores the scrollbuffer between upgrades by writing the
>> contents to a file, and reading that after the new process was
>> spawned. Through that file, the contents of (private) chat
>> conversations may leak to other users.
>>
>> Mitigating facts
>>
>> Careful users with a limited umask (e.g. 077) are not affected by this
>> bug.  However, most Linux systems default to a umask of 022, meaning
>> that files written without further restricting the permissions, are
>> readable by any user.

Use CVE-2016-7553.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJX6LTCAAoJEHb/MwWLVhi2zq8P/jv2PkFRxBcw1jgDgBMydNuc
+50A3BrF0Uj83eta6SaLs/oh794JIPBAK4oLo4qQ4y1wF/BTHHH3euawbh+OwTYU
Uz2LN6tCne6lc/Aig0qdbzrTAYVaLiHX5q7LTP34N7yrVfxtKhoxN15wePu+i4I1
uWmu7UfmowJrORf1hOQajrLtYXgowVpXFjCSju7ZedvM6vJ4yEUFym+UHh+Smasv
tLfTDDdyvquKKdyKNKpbTYjvaS5YB109a4+doacyziBbnXH3PR8P97ZiNK6MrBs4
dfwSV+gfdoTEAyHqg5k49G/EEWM5TgxIPz9ve5SZkTmKLQZ0irWEQOekeTy0Z2XL
nkqu8Ns/mPMe0wP1yvo5NXo8m8aoPpvhuZBxdLU+oHPFM4USn3N00N23qx8Al7VG
cYblMi1b/+w9gzGbV7JpyESDyf2e1eYMt96Lqi5Rv5WzOp0vLlFzJBDGn1fvr7ci
QUldD1AMQ8eqkaYcNJ1tq+4uydDj/Vh8huc/HxDS02Bevma4Kx/xHriX8c7nS0Yp
+gvhxU+xOK56M0Ab2JgcI/Q65He1O3VVrlbpIlPZRv8kPIn61IrYZSW0A25DcFcm
eF8SKi8i1u9/kXZayDAve+aspQfaYwozABrqI5V+b3KHSs/jo/7JThMqk1/5g4XY
oG0zGz58jhOzLNlu3Hgs
=g0/I
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.