Skype Technologies Skype Internet Telephony Insecure Default Install Vulnerability
BID:12081
Info
Skype Technologies Skype Internet Telephony Insecure Default Install Vulnerability
| Bugtraq ID: | 12081 |
| Class: | Configuration Error |
| CVE: |
CVE-2004-1778 |
| Remote: | No |
| Local: | Yes |
| Published: | Dec 22 2004 12:00AM |
| Updated: | Jul 12 2009 09:26AM |
| Credit: | Peter Conrad <[email protected]> is credited for the discovery of this issue. |
| Vulnerable: |
Skype Technologies Skype (Linux) 1.0.0.1 Skype Technologies Skype (Linux) 0.92.0.12 |
| Not Vulnerable: |
Skype Technologies Skype (Linux) 1.0.0.7 Skype Technologies Skype (Linux) 0.93.0.3 |
Discussion
Skype Technologies Skype Internet Telephony Insecure Default Install Vulnerability
An insecure default installation vulnerability reportedly affects Skype Technologies Skype. This issue is due to a failure of the application to properly secure files and directories that are installed.
This issue is only reported to affect Skype for the Linux platform.
An attacker may leverage this issue to create, delete, and write to arbitrary files and create files in the insecure directory.
An insecure default installation vulnerability reportedly affects Skype Technologies Skype. This issue is due to a failure of the application to properly secure files and directories that are installed.
This issue is only reported to affect Skype for the Linux platform.
An attacker may leverage this issue to create, delete, and write to arbitrary files and create files in the insecure directory.
Exploit / POC
Skype Technologies Skype Internet Telephony Insecure Default Install Vulnerability
No exploit is required to leverage this issue.
No exploit is required to leverage this issue.
Solution / Fix
Skype Technologies Skype Internet Telephony Insecure Default Install Vulnerability
Solution:
It has been reported that Skype 1.0.0.7 is not vulnerable to this issue, although this is not confirmed. Users are advised to contact the vendor for more information.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
It has been reported that Skype 1.0.0.7 is not vulnerable to this issue, although this is not confirmed. Users are advised to contact the vendor for more information.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Skype Technologies Skype Internet Telephony Insecure Default Install Vulnerability
References:
References:
- Skype Homepage (Skype Technologies)
- Permission problem in Skype BETA for linux (Peter Conrad
) - Re: Permission problem in Skype BETA for linux (Peter Conrad
)