Debian 2.2 DSA-041-1 Critical: Local Exploit In Joe's Editor
debian
March 9, 2001
Christer Öberg of Wkit Security AB found a problem in joe (Joe's Own Editor).
Topics Covered
Summary
Package : joe
Problem type : local exploit
Debian-specific: no
Christer Öberg of Wkit Security AB found a problem in joe (Joe's
Own Editor). joe will look for a configuration file in three
locations: the current directory, the users homedirectory ($HOME)
and in /etc/joe. Since the configuration file can define commands
joe will run (for example to check spelling) reading it from
the current directory can be dangerous: an attacker can leave
a .joerc file in a writable directory, which would be read when
a unsuspecting user starts joe in that directory.
This has been fixed in version 2.8-15.3 and we recommend that
you upgrade your joe package immediately.
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
Debian GNU/Linux 2.2 alias potato
---------------------------------
Potato was released for alpha, arm, i386, m68k, powerpc and sparc.
Source archives:
MD5 checksum: cd6b006c8a2426ada62a6af1ddd001fe
MD5 checksum: 4f...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!