Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-7553

The buf.pl script before 2.20 in Irssi before 0.8.20 uses weak permissions for the scrollbuffer dump file created between upgrades, which might allow local users to obtain sensitive information from private chat conversations by reading the file.

Published

2017-02-27T22:59:00.480

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 3.3 (LOW)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

3.9

Impact Score

2.9

Weaknesses

Type: Primary
CWE-275

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	irssi	buf.pl	≤ 2.13	Yes

References

http://www.openwall.com/lists/oss-security/2016/09/24/1 Mailing List, Patch ([email protected])
http://www.openwall.com/lists/oss-security/2016/09/26/4 Mailing List, Patch ([email protected])
http://www.securityfocus.com/bid/93155 Third Party Advisory, VDB Entry ([email protected])
https://github.com/irssi/scripts.irssi.org/commit/f1b1eb154baa684fad5d65bf4dff79c8ded8b65a Patch ([email protected])
https://irssi.org/security/buf_pl_sa_2016.txt Patch, Vendor Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7OM3WHWQ7RIAOZSOZZUM4CUYGKSIAGJJ/ ([email protected])
http://www.openwall.com/lists/oss-security/2016/09/24/1 Mailing List, Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2016/09/26/4 Mailing List, Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/93155 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/irssi/scripts.irssi.org/commit/f1b1eb154baa684fad5d65bf4dff79c8ded8b65a Patch (af854a3a-2127-422b-91ae-364da2661108)
https://irssi.org/security/buf_pl_sa_2016.txt Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7OM3WHWQ7RIAOZSOZZUM4CUYGKSIAGJJ/ (af854a3a-2127-422b-91ae-364da2661108)