| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 22 Dec 2004 18:12:36 +0100 From: Peter Conrad <conrad@...ano.de> To: bugtraq@...urityfocus.com Subject: Permission problem in Skype BETA for linux Date: December 2004 Product: Skype (http://skype.com/) "Skype is free Internet telephony that just works. Skype is for calling other people on their computers or phones. Download Skype and start calling for free all over the world." Affected versions: Linux RPM's version 0.92.0.12, possibly others. (Linux versions are marked as "BETA") Problem Description: During installation a world-writable directory "/usr/share/skype/lang" is created. Impact: The directory (presumably) contains various language files used by the skype application. An attacker could modify these files. It is unknown if this could be used for attacking local users running the skype application. Solution: The problem seems to be fixed in version 0.93.0.3, which is currently available for download from the skype website. History: - Vendor notified on 19-Nov-2004 - Vendor acknowledged problem within 40 minutes - Fixed version available since 21-Dec-2004 -- Peter Conrad Tel: +49 6102 / 80 99 072 [ t]ivano Software GmbH Fax: +49 6102 / 80 99 071 Bahnhofstr. 18 http://www.tivano.de/ 63263 Neu-Isenburg Germany
Powered by blists - more mailing lists