Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <55840.351476462-sendEmail@localhost>
Date: Mon, 1 May 2017 11:52:20 +0000
From: "Agostino Sarubbo" <ago@...too.org>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: telegram-desktop: insecure permission of $HOME/.TelegramDesktop directory

Description:
Telegram-desktop is the official desktop client for Telegram.

During the navigation of my filesystem I found the .TelegramDesktop with 755 permission:

drwxr-xr-x  4 ago  ago      4096 nov 23 14:30 .TelegramDesktop

Affected version:
At least from 0.10.19 to 1.0.29

Fixed version:
N/A

Commit fix:
N/A

Credit:
This bug was discovered by Agostino Sarubbo of Gentoo.

CVE:
CVE-2016-10351

Timeline:
2016-11-23: bug discovered and reported to upstream
2017-05-01: blog post about the issue
2017-05-01: CVE assigned

Permalink:
https://blogs.gentoo.org/ago/2017/05/01/telegram-desktop-insecure-permission-of-home-telegramdesktop-directory/

--
Agostino Sarubbo
Gentoo Linux Developer


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.