CVE-2016-7553
Ubuntu Security Notice USN-3184-1
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The buf.pl script before 2.20 in Irssi before 0.8.20 uses weak permissions for the scrollbuffer dump file created between upgrades, which might allow local users to obtain sensitive information from private chat conversations by reading the file.
La secuencia de comandos buf.pl en versiones anteriores a 2.20 en Irssi en versiones anteriores a 0.8.20 utiliza permiso débiles para el archivo de volcado scrollbuffer creado entre actualizaciones, lo que podrían permitir a a usuarios locales obtener información sensible de conversaciones de chat privados leyendo el archivo.
It was discovered that the Irssi buf.pl script set incorrect permissions. A local attacker could use this issue to retrieve another user's window contents. Joseph Bisch discovered that Irssi incorrectly handled comparing nicks. A remote attacker could use this issue to cause Irssi to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that Irssi incorrectly handled invalid nick messages. A remote attacker could use this issue to cause Irssi to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-09-09 CVE Reserved
- 2017-02-02 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-275: Permission Issues
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/93155 | Third Party Advisory |
| URL | Date | SRC |
|---|