[VIM] Skype advisories

security curmudgeon jericho at attrition.org
Tue May 3 14:43:18 EDT 2005


: Skype has created a security page that lists 3 separate advisories, 
: including one that apparently didn't make it through the normal channels 
: when they posted it in April.
: 
: I have an inquiry to my Skype contact about the lang file directory 
: permissions problem (CAN-2004-1778):
: 
:   BUGTRAQ:20041222 Permission problem in Skype BETA for linux
:   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110374568916303&w=2
: 
: OSVDB - I'm curious why your short title for a Skype lang issue mentions 
: symlinks?  I don't see that mentioned in the Bugtraq posts.

>From the post:

 During installation a world-writable directory "/usr/share/skype/lang" is
 created.

 Impact:

 The directory (presumably) contains various language files used by the
 skype application. An attacker could modify these files. It is unknown if
 this could be used for attacking local users running the skype 
 application.


So looks like this was skimming too fast =) Seeing "installation" and 
"world-writable directory created" lead to 'symlink' snap judgement. =) I 
have updated the title.


More information about the VIM mailing list