diff options
author | Ailin Nemui <ailin@z30a.localdomain> | 2016-09-26 14:24:23 +0200 |
---|---|---|
committer | Ailin Nemui <ailin@z30a.localdomain> | 2016-09-26 14:24:23 +0200 |
commit | b73f9a3ccb3378960f4f930c7d8713ad9069fbd9 (patch) | |
tree | bcec7db8892032b424aec67ca834529fcbbedfd0 /security/buf_pl_sa_2016.txt | |
parent | 9174c8a14d85ce3274ef42a1aff57a1256f32902 (diff) | |
download | irssi.github.io-b73f9a3ccb3378960f4f930c7d8713ad9069fbd9.zip |
improve news layout, update buf cve
Diffstat (limited to 'security/buf_pl_sa_2016.txt')
-rw-r--r-- | security/buf_pl_sa_2016.txt | 73 |
1 files changed, 73 insertions, 0 deletions
diff --git a/security/buf_pl_sa_2016.txt b/security/buf_pl_sa_2016.txt new file mode 100644 index 0000000..7257538 --- /dev/null +++ b/security/buf_pl_sa_2016.txt @@ -0,0 +1,73 @@ +information disclosure vulnerability in buf.pl +============================================== +CWE Classification: CWE-732, CWE-538 + +CVE-2016-7553 [1] was assigned to this bug. + + +Description +----------- + +An information disclosure vulnerability was found, reported and fixed +in the buf.pl script by its author. + + +Impact +------ + +Other users on the same machine may be able to retrieve the whole +window contents after /UPGRADE when the buf.pl script is +loaded. Furthermore, this dump of the windows contents is never +removed afterwards. + +Since buf.pl is also an Irssi core script and we recommended its use +to retain your window content, many people could potentially be +affected by this. + +Remote users may be able to retrieve these contents when combined with +other path traversal vulnerabilities in public facing services on that +machine. + + +Detailed analysis +----------------- + +buf.pl restores the scrollbuffer between "/upgrade"s by writing the +contents to a file, and reading that after the new process was spawned. +Through that file, the contents of (private) chat conversations may leak to +other users. + + +Mitigating facts +---------------- + +Careful users with a limited umask (e.g. 077) are not affected by this bug. +However, most Linux systems default to a umask of 022, meaning that files +written without further restricting the permissions, are readable by any +user. + + +Affected versions +----------------- + +All up to 2.13 + + +Fixed versions +-------------- + +buf.pl 2.20 [2] + + +Resolution +---------- + +Update the buf.pl script with the latest version from +https://scripts.irssi.org + + +References +---------- + +[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7553 +[2] https://scripts.irssi.org/scripts/buf.pl |