CVE-2016-7553
Publication date 27 September 2016
Last updated 24 July 2024
Ubuntu priority
The buf.pl script before 2.20 in Irssi before 0.8.20 uses weak permissions for the scrollbuffer dump file created between upgrades, which might allow local users to obtain sensitive information from private chat conversations by reading the file.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| irssi | ||
| 16.04 LTS xenial |
Fixed 0.8.19-1ubuntu1.3
|
|
| 14.04 LTS trusty |
Fixed 0.8.15-5ubuntu3.1
|
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
3.3 · Low
|
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
References
Related Ubuntu Security Notices (USN)
- USN-3184-1
- Irssi vulnerabilities
- 1 February 2017