Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: Joe's Own Editor File Handling Error
From: Brad <brad () COMSTYLE COM>
Date: Wed, 28 Feb 2001 14:25:22 -0500
After looking through the patches that OpenBSD/FreeBSD/NetBSD has for
their joe ports, it looks like joe is still vulnerable in the
FreeBSD/NetBSD ports trees, but not in the OpenBSD ports tree as of
Dec 22 1998.

revision 1.3
date: 1998/12/22 03:58:13;  author: form;  state: Exp;  lines: +74 -55
Do not use ./.xxxrc startup file.
Startup files order: ~/.xxxrc, /etc/joe/xxxrc, ${PREFIX}/lib/joe/xxxrc.

// Brad

brad () comstyle com
brad () openbsd org


TITLE:          Joe's Own Editor File Handling Error
ADVISORY ID:    WSIR-01/02-02
REFERENCE:      http://www.wkit.com/advisories
CVE:            GENERIC-MAP-NOMATCH
CREDIT:         Christer ?berg, Wkit Security AB
CONTACT:        advisories () wkit com
CLASS:          File Handling Error
OBJECT:         joe(1) (exec)
VENDOR:         Josef H. Allen
STATUS:
REMOTE:         No
LOCAL:          Yes
VULNERABLE:     Joseph Allen joe 2.8

DATE
 CREATED:        26/02/2001
 LAST UPDATED:
 VENDOR CONTACT:
 RELEASE:        28/02/2001

VULNERABILITY DESCRIPTION
 joe looks for its configuration file in ./.joerc (CWD), $HOME/.joerc, and
 /usr/local/lib/joerc in that order. Users could be tricked into execute
 commands if they open/edit a file with joe in a directory where other
 users can write.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]