The buf.pl script before 2.20 in Irssi before 0.8.20 uses weak permissions for the scrollbuffer dump file created between upgrades, which might allow local users to obtain sensitive information from private chat conversations by reading the file.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2016/09/24/1 | Mailing List Patch |
http://www.openwall.com/lists/oss-security/2016/09/26/4 | Mailing List Patch |
http://www.securityfocus.com/bid/93155 | Third Party Advisory VDB Entry |
https://github.com/irssi/scripts.irssi.org/commit/f1b1eb154baa684fad5d65bf4dff79c8ded8b65a | Patch |
https://irssi.org/security/buf_pl_sa_2016.txt | Patch Vendor Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7OM3WHWQ7RIAOZSOZZUM4CUYGKSIAGJJ/ |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: debian
Published: 2017-02-27T22:00:00
Updated: 2017-02-28T13:57:01
Reserved: 2016-09-09T00:00:00
Link: CVE-2016-7553
JSON object: View
NVD Information
Status : Modified
Published: 2017-02-27T22:59:00.480
Modified: 2023-11-07T02:34:43.543
Link: CVE-2016-7553
JSON object: View
Redhat Information
No data.
CWE