[19431] in bugtraq
Re: Joe's Own Editor File Handling Error
daemon@ATHENA.MIT.EDU (Brad)
Wed Feb 28 16:57:17 2001
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=X-UNKNOWN
Message-ID: <Pine.BSO.4.33.0102281412380.1599-100000@ss5.comstyle.com>
Date: Wed, 28 Feb 2001 14:25:22 -0500
Reply-To: Brad <brad@COMSTYLE.COM>
From: Brad <brad@COMSTYLE.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <OF61B9B540.D6BC1630-ONC1256A01.004D1564@wkit.se>
Content-Transfer-Encoding: 8bit
After looking through the patches that OpenBSD/FreeBSD/NetBSD has for
their joe ports, it looks like joe is still vulnerable in the
FreeBSD/NetBSD ports trees, but not in the OpenBSD ports tree as of
Dec 22 1998.
revision 1.3
date: 1998/12/22 03:58:13; author: form; state: Exp; lines: +74 -55
Do not use ./.xxxrc startup file.
Startup files order: ~/.xxxrc, /etc/joe/xxxrc, ${PREFIX}/lib/joe/xxxrc.
// Brad
brad@comstyle.com
brad@openbsd.org
>TITLE: Joe's Own Editor File Handling Error
>ADVISORY ID: WSIR-01/02-02
>REFERENCE: http://www.wkit.com/advisories
>CVE: GENERIC-MAP-NOMATCH
>CREDIT: Christer Öberg, Wkit Security AB
>CONTACT: advisories@wkit.com
>CLASS: File Handling Error
>OBJECT: joe(1) (exec)
>VENDOR: Josef H. Allen
>STATUS:
>REMOTE: No
>LOCAL: Yes
>VULNERABLE: Joseph Allen joe 2.8
>
>DATE
> CREATED: 26/02/2001
> LAST UPDATED:
> VENDOR CONTACT:
> RELEASE: 28/02/2001
>
>VULNERABILITY DESCRIPTION
> joe looks for its configuration file in ./.joerc (CWD), $HOME/.joerc, and
> /usr/local/lib/joerc in that order. Users could be tricked into execute
> commands if they open/edit a file with joe in a directory where other
> users can write.
