Update (February 2005): The issue described below has re-appeared in the
official (non-BETA) version released on Feb 1, 2005. Skype were notified on
Feb 10, and a fixed version was released on Feb 14.

Vulnerable: skype-1.0.0.1-suse.i586.rpm (but see below)
Fixed:      skype-1.0.0.7-suse.i586.rpm

NB: it seems that a fixed version skype-1.0.0.1-suse.i586.rpm was made
available on Feb 11, but without modifying the version number. The
difference can only be seen with "rpm -qi ...":

conrad@adams:~> rpm -qip skype-1.0.0.1-suse.i586.rpm | grep Release
Release     : suse                    Build Date: Mon Jan 31 19:00:45 2005
conrad@adams:~> rpm -qip skype-1.0.0.1b-suse.i586.rpm | grep Release
Release     : suse.hotfix1            Build Date: Fri Feb 11 14:18:39 2005

On Wednesday, 22 December 2004 18:12, Peter Conrad wrote:
> Date: December 2004
>
> Product: Skype (http://skype.com/)
>
> "Skype is free Internet telephony that just works.
> Skype is for calling other people on their computers or phones.
> Download Skype and start calling for free all over the world."
>
> Affected versions:
>
> Linux RPMs version 0.92.0.12, possibly others.
> (Linux versions are marked as "BETA")
>
> Problem Description:
>
> During installation a world-writable directory "/usr/share/skype/lang" is
> created.
>
> Impact:
>
> The directory (presumably) contains various language files used by the
> skype application. An attacker could modify these files. It is unknown if
> this could be used for attacking local users running the skype application.
>
> Solution:
>
> The problem seems to be fixed in version 0.93.0.3, which is currently
> available for download from the skype website.
>
> History:
>
> - Vendor notified on 19-Nov-2004
> - Vendor acknowledged problem within 40 minutes
> - Fixed version available since 21-Dec-2004

--
Peter Conrad                        Tel: +49 6102 / 80 99 072
[ t]ivano Software GmbH             Fax: +49 6102 / 80 99 071
Bahnhofstr. 18                      http://www.tivano.de/
63263 Neu-Isenburg
Germany
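As an added example (not part of the advisory above, and not code from Skype or tivano): a small POSIX shell audit for the class of bug reported here, a package that ships a world-writable directory. The first function reads the long file listing of a package on stdin ("rpm -qlvp pkg.rpm" for a package file, "rpm -qlv pkg" for an installed one), so the check can be run before installation; the second runs find over an installed tree. Sticky-bit directories are excluded because they are world-writable by design, and symlinks are skipped because their mode is always lrwxrwxrwx. The sample listing, its paths and file names are constructed for illustration and are not real Skype package data.

```shell
#!/bin/sh
# Audit helpers for "package creates a world-writable directory" bugs.
# Added example, not the advisory's own code.

# check_rpm_listing: read `rpm -qlv[p]` output on stdin and print every
# entry whose mode grants write to "others", except sticky-bit directories.
# Symlink entries (mode lrwxrwxrwx) are ignored. Returns 0 if clean, 1 if
# at least one offending entry was printed.
check_rpm_listing() {
    awk '
        {
            mode = $1
            # skip blank lines and symlinks (their mode carries no information)
            if (mode == "" || substr(mode, 1, 1) == "l") next
            other_w = substr(mode, 9, 1)    # "others" write bit
            other_x = substr(mode, 10, 1)   # "others" exec bit, or t/T for sticky
            if (other_w == "w" && other_x != "t" && other_x != "T") {
                print $NF                   # path is the last field
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# check_tree: the same test against an installed tree, using find.
# -perm -0002 matches anything writable by others; sticky directories
# (-perm -1000) are excluded. Output is sorted so it is deterministic.
check_tree() {
    found=$(find "$1" -perm -0002 ! \( -type d -perm -1000 \) 2>/dev/null | sort)
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# Constructed sample of `rpm -qlvp` output (illustrative, not real data).
SAMPLE_LISTING='drwxr-xr-x    2 root    root        0 Jan 31 19:00 /usr/share/skype
drwxrwxrwx    2 root    root        0 Jan 31 19:00 /usr/share/skype/lang
-rw-r--r--    1 root    root    12345 Jan 31 19:00 /usr/share/skype/lang/de.qm
lrwxrwxrwx    1 root    root        0 Jan 31 19:00 /usr/bin/skype -> /usr/share/skype/skype
drwxrwxrwt    2 root    root        0 Jan 31 19:00 /var/tmp/skype'

# audit_sample: run the listing check over the constructed sample.
audit_sample() {
    printf '%s\n' "$SAMPLE_LISTING" | check_rpm_listing
}

if [ "${1:-}" = "--demo" ]; then
    audit_sample || echo "world-writable entries found in package listing"
fi
```

Note that "rpm -V" would not have caught this case: it compares installed files against the attributes recorded in the package, and here the package itself records the directory as world-writable, so only a check of the listing or of the installed tree finds it.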