Home page logo
/

bugtraq logo Bugtraq mailing list archives

Permission problem in Skype BETA for linux
From: Peter Conrad <conrad () tivano de>
Date: Wed, 22 Dec 2004 18:12:36 +0100

Date: December 2004

Product: Skype (http://skype.com/)

"Skype is free Internet telephony that just works.
 Skype is for calling other people on their computers or phones.
 Download Skype and start calling for free all over the world."

Affected versions:

Linux RPM's version 0.92.0.12, possibly others.
(Linux versions are marked as "BETA")

Problem Description:

During installation a world-writable directory "/usr/share/skype/lang" is
created.

Impact:

The directory (presumably) contains various language files used by the
skype application. An attacker could modify these files. It is unknown if
this could be used for attacking local users running the skype application.

Solution:

The problem seems to be fixed in version 0.93.0.3, which is currently
available for download from the skype website.

History:

 - Vendor notified on 19-Nov-2004
 - Vendor acknowledged problem within 40 minutes
 - Fixed version available since 21-Dec-2004

-- 
Peter Conrad                        Tel: +49 6102 / 80 99 072
[ t]ivano Software GmbH             Fax: +49 6102 / 80 99 071
Bahnhofstr. 18                      http://www.tivano.de/
63263 Neu-Isenburg

Germany


  By Date           By Thread  

Current thread:
  • Permission problem in Skype BETA for linux Peter Conrad (Dec 22)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]