oss-sec mailing list archives
Re: CVE Request: irssi: information disclosure vulnerabilit in buf.pl
From: cve-assign () mitre org
Date: Mon, 26 Sep 2016 01:43:27 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
An information disclosure vulnerability in the buf.pl script https://irssi.org/2016/09/22/buf.pl-update/ https://bugs.debian.org/838762 https://github.com/irssi/scripts.irssi.org/commit/f1b1eb154baa684fad5d65bf4dff79c8ded8b65a
This patch sets a safer umask of 077 for the scrollbuffer dump, and will remove the temporary file after use to further reduce the attack surface.
Other users on the same machine may be able to retrieve the whole window contents after /UPGRADE when the buf.pl script is loaded. Furthermore, this dump of the windows contents is never removed afterwards. Since buf.pl is also an Irssi core script and we recommended its use to retain your window content, many people could potentially be affected by this.
buf.pl restores the scrollbuffer between upgrades by writing the contents to a file, and reading that after the new process was spawned. Through that file, the contents of (private) chat conversations may leak to other users. Mitigating facts Careful users with a limited umask (e.g. 077) are not affected by this bug. However, most Linux systems default to a umask of 022, meaning that files written without further restricting the permissions, are readable by any user.
Use CVE-2016-7553. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJX6LTCAAoJEHb/MwWLVhi2zq8P/jv2PkFRxBcw1jgDgBMydNuc +50A3BrF0Uj83eta6SaLs/oh794JIPBAK4oLo4qQ4y1wF/BTHHH3euawbh+OwTYU Uz2LN6tCne6lc/Aig0qdbzrTAYVaLiHX5q7LTP34N7yrVfxtKhoxN15wePu+i4I1 uWmu7UfmowJrORf1hOQajrLtYXgowVpXFjCSju7ZedvM6vJ4yEUFym+UHh+Smasv tLfTDDdyvquKKdyKNKpbTYjvaS5YB109a4+doacyziBbnXH3PR8P97ZiNK6MrBs4 dfwSV+gfdoTEAyHqg5k49G/EEWM5TgxIPz9ve5SZkTmKLQZ0irWEQOekeTy0Z2XL nkqu8Ns/mPMe0wP1yvo5NXo8m8aoPpvhuZBxdLU+oHPFM4USn3N00N23qx8Al7VG cYblMi1b/+w9gzGbV7JpyESDyf2e1eYMt96Lqi5Rv5WzOp0vLlFzJBDGn1fvr7ci QUldD1AMQ8eqkaYcNJ1tq+4uydDj/Vh8huc/HxDS02Bevma4Kx/xHriX8c7nS0Yp +gvhxU+xOK56M0Ab2JgcI/Q65He1O3VVrlbpIlPZRv8kPIn61IrYZSW0A25DcFcm eF8SKi8i1u9/kXZayDAve+aspQfaYwozABrqI5V+b3KHSs/jo/7JThMqk1/5g4XY oG0zGz58jhOzLNlu3Hgs =g0/I -----END PGP SIGNATURE-----
Current thread:
- CVE Request: irssi: information disclosure vulnerabilit in buf.pl Salvatore Bonaccorso (Sep 24)
- Re: CVE Request: irssi: information disclosure vulnerabilit in buf.pl cve-assign (Sep 25)