Published: 03/05/2001 Updated: 05/09/2008

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

VMScore: 465

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Joe text editor 2.8 searches the current working directory (CWD) for the .joerc configuration file, which could allow local users to gain privileges of other users by placing a Trojan Horse .joerc file into a directory, then waiting for users to execute joe from that directory.

Vulnerable Product	Search on Vulmon	Subscribe to Product
joseph allen joe 2.8

Christer Öberg of Wkit Security AB found a problem in joe (Joe's Own Editor) joe will look for a configuration file in three locations: The current directory, the users homedirectory ($HOME) and in /etc/joe Since the configuration file can define commands joe will run (for example to check spelling) reading it from the current directory can be d ...

source: wwwsecurityfocuscom/bid/2437/info Joe is a text editor originally written by Joseph Allen Joe offers a user-friendly interface, with key binding and configuration familiar to many users of Microsoft Word Processing tools A problem in the sourcing of the joerc file could lead to arbitrary execution of commands By design, joe s ...

NVD-CWE-Other http://archives.neohapsis.com/archives/bugtraq/2001-02/0490.html http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-026.php3 http://www.debian.org/security/2001/dsa-041 http://www.redhat.com/support/errata/RHSA-2001-024.html https://nvd.nist.gov https://www.debian.org/security/./dsa-041 https://www.exploit-db.com/exploits/20658/

CVE-2001-0289

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect