CVE-2016-7553

Description

The buf.pl script before 2.20 in Irssi before 0.8.20 uses weak permissions for the scrollbuffer dump file created between upgrades, which might allow local users to obtain sensitive information from private chat conversations by reading the file.

Related CPE's

a irssi buf.pl ********

References

FEDORA-2016-39de4eb5e7

Third Party Advisory

https://irssi.org/security/buf_pl_sa_2016.txt

PatchVendor Advisory

https://github.com/irssi/scripts.irssi.org/commit/f1b1eb154baa684fad5d65bf4dff79c8ded8b65a

Patch

93155

Third Party AdvisoryVDB Entry

[oss-security] 20160926 Re: CVE Request: irssi: information disclosure vulnerabilit in buf.pl

Mailing ListPatch

[oss-security] 20160924 CVE Request: irssi: information disclosure vulnerabilit in buf.pl

Mailing ListPatch

CvssV3 impact

BaseSeverity	LOW
ConfidentialityImpact	LOW
AttackComplexity	LOW
Scope	UNCHANGED
AttackVector	LOCAL
AvailabilityImpact	NONE
IntegrityImpact	NONE
PrivilegesRequired	LOW
BaseScore	3.3
VectorString	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Version	3.0
UserInteraction	NONE

CvssV2 impact

Version	2.0
VectorString	AV:L/AC:L/Au:N/C:P/I:N/A:N
AccessVector	LOCAL
AccessComplexity	LOW
Authentication	NONE
ConfidentialityImpact	PARTIAL
IntegrityImpact	NONE
AvailabilityImpact	NONE
BaseScore	2.0999999046325684

Created by Yello

About Severity.io