mailing list archives
Permission problem in Skype BETA for linux
From: Peter Conrad <conrad () tivano de>
Date: Wed, 22 Dec 2004 18:12:36 +0100
Date: December 2004
Product: Skype (http://skype.com/)
"Skype is free Internet telephony that just works.
Skype is for calling other people on their computers or phones.
Download Skype and start calling for free all over the world."
Linux RPM's version 0.92.0.12, possibly others.
(Linux versions are marked as "BETA")
During installation a world-writable directory "/usr/share/skype/lang" is
The directory (presumably) contains various language files used by the
skype application. An attacker could modify these files. It is unknown if
this could be used for attacking local users running the skype application.
The problem seems to be fixed in version 0.93.0.3, which is currently
available for download from the skype website.
- Vendor notified on 19-Nov-2004
- Vendor acknowledged problem within 40 minutes
- Fixed version available since 21-Dec-2004
Peter Conrad Tel: +49 6102 / 80 99 072
[ t]ivano Software GmbH Fax: +49 6102 / 80 99 071
Bahnhofstr. 18 http://www.tivano.de/
- Permission problem in Skype BETA for linux Peter Conrad (Dec 22)