cnvd - cnvd-2016-08459

cnvd-2016-08459

Vulnerability from cnvd

Title

Irssi 'buf.pl'本地信息泄露漏洞

Description

Irssi是Timo Sirainen用C语言写的一个文本用户界面的IRC客户端程序，她的发布遵循GPL（GNU General Public License）。 Irssi中存在本地信息泄露漏洞，本地攻击者可以利用该漏洞获取敏感信息。

Severity

中

Patch Name

Irssi 'buf.pl'本地信息泄露漏洞的补丁

Patch Description

Irssi是Timo Sirainen用C语言写的一个文本用户界面的IRC客户端程序，她的发布遵循GPL（GNU General Public License）。 Irssi中存在本地信息泄露漏洞，本地攻击者可以利用该漏洞获取敏感信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布更新，参考链接如下： https://irssi.org/2016/09/22/buf.pl-update/

Reference

http://www.securityfocus.com/bid/93155

Impacted products

Name
['Irssi Irssi 0.8.9', 'Irssi Irssi 0.8.4']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "93155"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-7553"
    }
  },
  "description": "Irssi\u662fTimo Sirainen\u7528C\u8bed\u8a00\u5199\u7684\u4e00\u4e2a\u6587\u672c\u7528\u6237\u754c\u9762\u7684IRC\u5ba2\u6237\u7aef\u7a0b\u5e8f\uff0c\u5979\u7684\u53d1\u5e03\u9075\u5faaGPL\uff08GNU General Public License\uff09\u3002\r\n\r\nIrssi\u4e2d\u5b58\u5728\u672c\u5730\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u672c\u5730\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "Salvatore Bonaccorso",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u66f4\u65b0\uff0c\u53c2\u8003\u94fe\u63a5\u5982\u4e0b\uff1a\r\nhttps://irssi.org/2016/09/22/buf.pl-update/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-08459",
  "openTime": "2016-10-09",
  "patchDescription": "Irssi\u662fTimo Sirainen\u7528C\u8bed\u8a00\u5199\u7684\u4e00\u4e2a\u6587\u672c\u7528\u6237\u754c\u9762\u7684IRC\u5ba2\u6237\u7aef\u7a0b\u5e8f\uff0c\u5979\u7684\u53d1\u5e03\u9075\u5faaGPL\uff08GNU General Public License\uff09\u3002\r\n\r\nIrssi\u4e2d\u5b58\u5728\u672c\u5730\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u672c\u5730\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Irssi \u0027buf.pl\u0027\u672c\u5730\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Irssi Irssi 0.8.9",
      "Irssi Irssi 0.8.4"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/93155",
  "serverity": "\u4e2d",
  "submitTime": "2016-09-27",
  "title": "Irssi \u0027buf.pl\u0027\u672c\u5730\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

CVE-2016-7553 (GCVE-0-2016-7553)

Vulnerability from cvelistv5

Published

2017-02-27 22:00

Modified

2024-08-06 02:04

Severity ?

CWE

Summary

The buf.pl script before 2.20 in Irssi before 0.8.20 uses weak permissions for the scrollbuffer dump file created between upgrades, which might allow local users to obtain sensitive information from private chat conversations by reading the file.

References

URL

Tags

	http://www.openwall.com/lists/oss-security/2016/09/26/4	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2016/09/24/1	mailing-list, x_refsource_MLIST
	https://irssi.org/security/buf_pl_sa_2016.txt	x_refsource_CONFIRM
	https://github.com/irssi/scripts.irssi.org/commit/f1b1eb154baa684fad5d65bf4dff79c8ded8b65a	x_refsource_CONFIRM
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7OM3WHWQ7RIAOZSOZZUM4CUYGKSIAGJJ/	vendor-advisory, x_refsource_FEDORA
	http://www.securityfocus.com/bid/93155	vdb-entry, x_refsource_BID