Bugtraq mailing list archives
Re: Joe's Own Editor File Handling Error
From: Brad <brad () COMSTYLE COM>
Date: Wed, 28 Feb 2001 14:25:22 -0500
After looking through the patches that OpenBSD/FreeBSD/NetBSD has for their joe ports, it looks like joe is still vulnerable in the FreeBSD/NetBSD ports trees, but not in the OpenBSD ports tree as of Dec 22 1998. revision 1.3 date: 1998/12/22 03:58:13; author: form; state: Exp; lines: +74 -55 Do not use ./.xxxrc startup file. Startup files order: ~/.xxxrc, /etc/joe/xxxrc, ${PREFIX}/lib/joe/xxxrc. // Brad brad () comstyle com brad () openbsd org
TITLE: Joe's Own Editor File Handling Error ADVISORY ID: WSIR-01/02-02 REFERENCE: http://www.wkit.com/advisories CVE: GENERIC-MAP-NOMATCH CREDIT: Christer ?berg, Wkit Security AB CONTACT: advisories () wkit com CLASS: File Handling Error OBJECT: joe(1) (exec) VENDOR: Josef H. Allen STATUS: REMOTE: No LOCAL: Yes VULNERABLE: Joseph Allen joe 2.8 DATE CREATED: 26/02/2001 LAST UPDATED: VENDOR CONTACT: RELEASE: 28/02/2001 VULNERABILITY DESCRIPTION joe looks for its configuration file in ./.joerc (CWD), $HOME/.joerc, and /usr/local/lib/joerc in that order. Users could be tricked into execute commands if they open/edit a file with joe in a directory where other users can write.
Current thread:
- Joe's Own Editor File Handling Error advisories (Feb 28)
- Re: Joe's Own Editor File Handling Error Brad (Feb 28)