-rw-r--r-- | _includes/sb_whatsnew.html | 2 | ||||
-rw-r--r-- | _posts/2016-09-22-buf.pl-update.markdown | 51 |
2 files changed, 52 insertions, 1 deletions
diff --git a/_includes/sb_whatsnew.html b/_includes/sb_whatsnew.html index c5d4fa5..64683bb 100644 --- a/_includes/sb_whatsnew.html +++ b/_includes/sb_whatsnew.html @@ -1,3 +1,3 @@ +<p><small>2016-09-22</small> <a href="/2016/09/22/buf.pl-update">buf.pl update available!</a> </p> <p><small>2016-09-21</small> <a href="/2016/09/21/irssi-0.8.20-released">Irssi 0.8.20 has been released!</a> </p> -<p><small>2016-03-24</small> <a href="/2016/03/24/irssi-0.8.19-released">Irssi 0.8.19 has been released!</a> </p> <p><small>2015-12-15</small> <a href="/2015/12/14/irssi-website-now-on-github-pages">Irssi site now on github pages!</a> </p> diff --git a/_posts/2016-09-22-buf.pl-update.markdown b/_posts/2016-09-22-buf.pl-update.markdown new file mode 100644 index 0000000..410d011 --- /dev/null +++ b/_posts/2016-09-22-buf.pl-update.markdown 
@@ -0,0 +1,51 @@ +--- +layout: post +title: "buf.pl update available" +--- + +An information disclosure vulnerability was found, reported and fixed +in the buf.pl script by its author. + +CWE Classification: CWE-732, CWE-538 + +### Impact + +Other users on the same machine may be able to retrieve the whole +window contents after /UPGRADE when the buf.pl script is +loaded. Furthermore, this dump of the windows contents is never +removed afterwards. + +Since buf.pl is also an Irssi core script and we recommended its use +to retain your window content, many people could potentially be +affected by this. + +Remote users may be able to retrieve these contents when combined with +other path traversal vulnerabilities in public facing services on that +machine. + +### Detailed analysis + +buf.pl restores the scrollbuffer between "/upgrade"s by writing the +contents to a file, and reading that after the new process was spawned. +Through that file, the contents of (private) chat conversations may leak to +other users. + +### Mitigating facts + +Careful users with a limited umask (e.g. 077) are not affected by this bug. +However, most Linux systems default to a umask of 022, meaning that files +written without further restricting the permissions, are readable by any +user. + +### Affected versions + +All up to 2.13 + +### Fixed versions + +[buf.pl](//scripts.irssi.org/scripts/buf.pl) 2.20 + +### Resolution + +Update the buf.pl script with the latest version from +[scripts.irssi.org](//scripts.irssi.org).
\ No newline at end of file |
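Review bot: In the new post's Resolution section, updating the script is the only step given, yet the Impact section says the dump of the window contents "is never removed afterwards", so a file written by an affected version before the update remains on disk with whatever permissions it was created with. Suggest adding a step that names where buf.pl writes the dump and tells users to delete it or restrict its permissions after updating. The version fields could also be tightened: "All up to 2.13" next to a fix in 2.20 leaves it unclear whether any release between the two exists and is affected.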