CVE-2016-7553 — Incorrect Permission Assignment in Irssi

CWE-275 CWE-732 — Incorrect Permission Assignment10 documents7 sources

Severity

3.3LOWNVD

EPSS

0.1%

top 75.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Irssi Debian Irssi Irssi Buf.pl

Timeline

PublishedFeb 27

Latest updateMay 17

Description

The buf.pl script before 2.20 in Irssi before 0.8.20 uses weak permissions for the scrollbuffer dump file created between upgrades, which might allow local users to obtain sensitive information from private chat conversations by reading the file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages4 packages

▶debiandebian/irssi< irssi 0.8.20-2 (bookworm)

▶Debianirssi/irssi< 0.8.20-2+3

▶Ubuntuirssi/irssi< 0.8.15-5ubuntu3.1+1

▶NVDirssi/buf.pl2.13

Patches

Patch: www.openwall.com ↗Patch: www.openwall.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-6fh2-w324-phpv: The buf↗2022-05-17

▶

OSV

CVE-2016-7553: The buf↗2017-02-27

▶

OSV

irssi vulnerabilities↗2017-02-01

▶

📋Vendor Advisories

Ubuntu

Irssi vulnerabilities↗2017-02-01

▶

Red Hat

irssi: Information disclosure in buf.pl↗2016-09-22

▶

Debian

CVE-2016-7553: irssi - The buf.pl script before 2.20 in Irssi before 0.8.20 uses weak permissions for t...↗2016

▶

💬Community

Bugzilla

CVE-2016-7553 irssi: Information disclosure in buf.pl [epel-5]↗2016-09-26

▶

Bugzilla

CVE-2016-7553 irssi: Information disclosure in buf.pl↗2016-09-26

▶

Bugzilla

CVE-2016-7553 irssi: Information disclosure in buf.pl [fedora-all]↗2016-09-26

▶