CVE-2016-7553

Опубликовано: 27 фев. 2017

Источник: nvd

CVSS3: 3.3

CVSS2: 2.1

EPSS Низкий

Описание

The buf.pl script before 2.20 in Irssi before 0.8.20 uses weak permissions for the scrollbuffer dump file created between upgrades, which might allow local users to obtain sensitive information from private chat conversations by reading the file.

Ссылки

http://www.openwall.com/lists/oss-security/2016/09/24/1
Mailing List
Patch
http://www.openwall.com/lists/oss-security/2016/09/26/4
Mailing List
Patch
http://www.securityfocus.com/bid/93155
Third Party Advisory
VDB Entry
https://github.com/irssi/scripts.irssi.org/commit/f1b1eb154baa684fad5d65bf4dff79c8ded8b65a
Patch
https://irssi.org/security/buf_pl_sa_2016.txt
Patch
Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7OM3WHWQ7RIAOZSOZZUM4CUYGKSIAGJJ/
http://www.openwall.com/lists/oss-security/2016/09/24/1
Mailing List
Patch
http://www.openwall.com/lists/oss-security/2016/09/26/4
Mailing List
Patch
http://www.securityfocus.com/bid/93155
Third Party Advisory
VDB Entry
https://github.com/irssi/scripts.irssi.org/commit/f1b1eb154baa684fad5d65bf4dff79c8ded8b65a
Patch
https://irssi.org/security/buf_pl_sa_2016.txt
Patch
Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7OM3WHWQ7RIAOZSOZZUM4CUYGKSIAGJJ/

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:irssi:buf.pl:*:*:*:*:*:*:*:*

Версия до 2.13 (включая)

EPSS

Процентиль: 25%

0.00084

Низкий

3.3 Low

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-275

Связанные уязвимости

CVE-2016-7553

CVSS3: 3.3

ubuntu

почти 9 лет назад

CVE-2016-7553

CVSS3: 3.3

redhat

больше 9 лет назад

CVE-2016-7553

CVSS3: 3.3

debian

почти 9 лет назад

The buf.pl script before 2.20 in Irssi before 0.8.20 uses weak permiss ...

GHSA-6fh2-w324-phpv

CVSS3: 3.3

github

больше 3 лет назад

EPSS

Процентиль: 25%

0.00084

Низкий

3.3 Low

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-275