Joe Text Editor DEADJOE Symbolic Link Vulnerability
BID:1959
Info
Joe Text Editor DEADJOE Symbolic Link Vulnerability
| Bugtraq ID: | 1959 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Nov 16 2000 12:00AM |
| Updated: | Nov 16 2000 12:00AM |
| Credit: | This vulnerability was first announced on the Bugtraq mailing list in a Wkit Security Advisory on November 16, 2000. |
| Vulnerable: | Redhat joe-2.8-40.i386.rpm
Redhat joe-2.8-18.i386.rpm
Joseph Allen joe 2.8 |
| Not Vulnerable: | |
Discussion
Joe Text Editor DEADJOE Symbolic Link Vulnerability
joe is a text editor by Joseph Allen which offers functions familiar to users of both Microsoft text editors and vi. The problem occurs when an editing session exits abnormally.
On abnormal exit, joe saves the unsaved contents of the session to a file named DEADJOE in the current working directory. When it opens this file it does not check what, if anything, already exists under that name, and it appends to the file even when DEADJOE is a symbolic link. A user who edits a file while the current working directory is writable by others (a shared directory such as /tmp, for example) is therefore exposed to any local user who creates DEADJOE in that directory as a symbolic link to a file the victim's user or group can write. When the victim's session dies, the contents of the joe session are appended, with the victim's privileges, to the link target, corrupting that file. The attacker needs write access to the directory the victim runs joe from and has to wait for, or bring about, the abnormal exit; the contents written are the victim's buffer, so the attacker does not control them.
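The following program is an added illustration of the defect class described above and of the usual mitigation; it is not joe's source code and does not claim to show how any of the listed vendor packages fixed it. It stages the attack in a scratch directory (the victim file, the planted DEADJOE symlink and the "unsaved buffer" are all constructed here), runs a saver that opens DEADJOE with fopen(..., "a") the way the discussion describes, and then runs a saver that opens it with O_NOFOLLOW and checks the resulting descriptor before writing. The function and file names are the example's own.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Vulnerable pattern (illustrative, not joe's code): fopen(path, "a") follows
 * a symlink named DEADJOE and appends the buffer to whatever it points at. */
static int save_deadjoe_unsafe(const char *path, const char *buf)
{
    FILE *fp = fopen(path, "a");
    if (fp == NULL)
        return -1;
    int rc = (fputs(buf, fp) == EOF) ? -1 : 0;
    if (fclose(fp) != 0)
        rc = -1;
    return rc;
}

/* Hardened pattern: O_NOFOLLOW makes open() fail with ELOOP when the last
 * path component is a symlink, so a planted link is never followed. The
 * descriptor is then required to be a regular file owned by the caller with
 * a single link, which also refuses a planted hard link or FIFO.
 * Returns 0 on success, -1 (errno set) if the write was refused or failed. */
static int save_deadjoe_safe(const char *path, const char *buf)
{
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;                          /* errno == ELOOP for a symlink */
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)
        || st.st_uid != geteuid() || st.st_nlink != 1) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    size_t len = strlen(buf);
    ssize_t n = write(fd, buf, len);
    int rc = (n >= 0 && (size_t)n == len) ? 0 : -1;
    if (close(fd) != 0)
        rc = -1;
    return rc;
}

static off_t file_size(const char *path)
{
    struct stat st;
    return (stat(path, &st) == 0) ? st.st_size : -1;
}

/* Stages the attack: a victim-owned target file plus an attacker-planted
 * symlink DEADJOE -> target, both in a private scratch directory. Returns a
 * bit mask: 1 = unsafe saver appended into the link target, 2 = safe saver
 * refused with ELOOP and left the target untouched; 3 means both were
 * observed. Returns -1 if the scratch setup failed. */
int demo_symlink_attack(void)
{
    char dir[64], target[PATH_MAX], link[PATH_MAX];
    const char *orig = "victim's existing data\n";        /* constructed */
    const char *buf = "*** unsaved joe buffer ***\n";      /* constructed */
    off_t before;
    int result = 0;
    FILE *fp;

    strcpy(dir, "/tmp/deadjoe-demo-XXXXXX");
    if (mkdtemp(dir) == NULL) {
        strcpy(dir, "./deadjoe-demo-XXXXXX");
        if (mkdtemp(dir) == NULL)
            return -1;
    }
    snprintf(target, sizeof target, "%s/notes.txt", dir);
    snprintf(link, sizeof link, "%s/DEADJOE", dir);

    fp = fopen(target, "w");
    if (fp != NULL && fputs(orig, fp) != EOF && fclose(fp) == 0
        && symlink(target, link) == 0) {
        before = file_size(target);
        if (save_deadjoe_unsafe(link, buf) == 0
            && file_size(target) == before + (off_t)strlen(buf))
            result |= 1;                    /* target grew by the buffer */
        before = file_size(target);
        if (save_deadjoe_safe(link, buf) != 0 && errno == ELOOP
            && file_size(target) == before)
            result |= 2;                    /* refused, target unchanged */
    } else {
        result = -1;
    }
    unlink(link);
    unlink(target);
    rmdir(dir);
    return result;
}

int main(void)
{
    int r = demo_symlink_attack();
    if (r < 0) {
        puts("setup failed");
        return 1;
    }
    printf("unsafe saver corrupted target: %s\n", (r & 1) ? "yes" : "no");
    printf("safe saver refused symlink:    %s\n", (r & 2) ? "yes" : "no");
    return r == 3 ? 0 : 1;
}
```

The ownership and link-count checks after open() are what make the fix hold in a shared directory: O_NOFOLLOW alone stops symbolic links, but on a system that lets users create hard links to files they do not own, a planted hard link to a victim-writable file would still be followed, and fstat() on the already-open descriptor is the only check that cannot be raced. Until a fixed package is installed, the practical workaround is not to run joe with a world-writable directory as the current working directory.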
Exploit / POC
Joe Text Editor DEADJOE Symbolic Link Vulnerability
See discussion.
Solution / Fix
Joe Text Editor DEADJOE Symbolic Link Vulnerability
Solution:
The following patches are available:
Redhat joe-2.8-18.i386.rpm:
Red Hat Inc. 6.0 i386 joe-2.8-42.62.i386.rpm
ftp://updates.redhat.com/6.0/i386/joe-2.8-42.62.i386.rpm

Redhat joe-2.8-40.i386.rpm:
Red Hat Inc. 7.0 i386 joe-2.8-43.i386.rpm
ftp://updates.redhat.com/7.0/i386/joe-2.8-43.i386.rpm

Joseph Allen joe 2.8:
Debian 2.2 alpha joe_2.8-15.2_alpha.deb
http://security.debian.org/dists/stable/updates/main/binary-alpha/joe_2.8-15.2_alpha.deb
Debian 2.2 arm joe_2.8-15.2_arm.deb
http://security.debian.org/dists/stable/updates/main/binary-arm/joe_2.8-15.2_arm.deb
Debian 2.2 i386 joe_2.8-15.2_i386.deb
http://security.debian.org/dists/stable/updates/main/binary-i386/joe_2.8-15.2_i386.deb
Debian 2.2 m68k joe_2.8-15.2_m68k.deb
http://security.debian.org/dists/stable/updates/main/binary-m68k/joe_2.8-15.2_m68k.deb
Debian 2.2 ppc joe_2.8-15.2_powerpc.deb
http://security.debian.org/dists/stable/updates/main/binary-powerpc/joe_2.8-15.2_powerpc.deb
Debian 2.2 sparc joe_2.8-15.2_sparc.deb
http://security.debian.org/dists/stable/updates/main/binary-sparc/joe_2.8-15.2_sparc.deb
FreeBSD ports-3 i386 joe-2.8_2.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/editors/joe-2.8_2.tgz
FreeBSD ports-4 alpha joe-2.8_2.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/editors/joe-2.8_2.tgz
FreeBSD ports-4 i386 joe-2.8_2.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/editors/joe-2.8_2.tgz
FreeBSD ports-5 alpha joe-2.8_2.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/editors/joe-2.8_2.tgz
FreeBSD ports-5 i386 joe-2.8_2.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/editors/joe-2.8_2.tgz
Mandrakesoft 6.0 i386 joe-2.8-21.3mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/6.0/RPMS/joe-2.8-21.3mdk.i586.rpm
Mandrakesoft 6.0 source joe-2.8-21.3mdk.src.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/6.0/SRPMS/joe-2.8-21.3mdk.src.rpm
Mandrakesoft 6.1 i386 joe-2.8-21.3mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/6.1/RPMS/joe-2.8-21.3mdk.i586.rpm
Mandrakesoft 6.1 source joe-2.8-21.3mdk.src.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/6.1/SRPMS/joe-2.8-21.3mdk.src.rpm
Mandrakesoft 7.0 i386 joe-2.8-21.3mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/7.0/RPMS/joe-2.8-21.3mdk.i586.rpm
Mandrakesoft 7.0 source joe-2.8-21.3mdk.src.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/7.0/SRPMS/joe-2.8-21.3mdk.src.rpm
Mandrakesoft 7.1 i386 joe-2.8-21.2mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/7.1/RPMS/joe-2.8-21.2mdk.i586.rpm
Mandrakesoft 7.1 source joe-2.8-21.2mdk.src.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/7.1/SRPMS/joe-2.8-21.2mdk.src.rpm
Mandrakesoft 7.2 i386 joe-2.8-21.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/7.2/RPMS/joe-2.8-21.1mdk.i586.rpm
Mandrakesoft 7.2 source joe-2.8-21.1mdk.src.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/7.2/SRPMS/joe-2.8-21.1mdk.src.rpm
Red Hat Inc. 5.2 alpha joe-2.8-43.52.alpha.rpm
ftp://updates.redhat.com/5.2/alpha/joe-2.8-43.52.alpha.rpm
Red Hat Inc. 5.2 i386 joe-2.8-43.52.i386.rpm
ftp://updates.redhat.com/5.2/i386/joe-2.8-43.52.i386.rpm
Red Hat Inc. 5.2 sparc joe-2.8-43.52.sparc.rpm
ftp://updates.redhat.com/5.2/sparc/joe-2.8-43.52.sparc.rpm
Red Hat Inc. 6.0 alpha joe-2.8-42.62.alpha.rpm
ftp://updates.redhat.com/6.0/alpha/joe-2.8-42.62.alpha.rpm
Red Hat Inc. 6.0 i386 joe-2.8-42.62.i386.rpm
ftp://updates.redhat.com/6.0/i386/joe-2.8-42.62.i386.rpm
Red Hat Inc. 6.2 alpha joe-2.8-43.62.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/joe-2.8-43.62.alpha.rpm
Red Hat Inc. 6.2 i386 joe-2.8-43.62.i386.rpm
ftp://updates.redhat.com/6.2/i386/joe-2.8-43.62.i386.rpm
Red Hat Inc. 6.2 sparc joe-2.8-43.62.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/joe-2.8-43.62.sparc.rpm
Red Hat Inc. 7.0 alpha joe-2.8-43.7.alpha.rpm
ftp://updates.redhat.com/7.0/alpha/joe-2.8-43.7.alpha.rpm
Red Hat Inc. 7.0 i386 joe-2.8-43.i386.rpm
ftp://updates.redhat.com/7.0/i386/joe-2.8-43.i386.rpm
Wirex Immunix 6.2 joe-2.8-42.62_StackGuard.i386.rpm (binary)
http://www.immunix.org:8080/ImmunixOS/6.2/updates/RPMS/joe-2.8-42.62_StackGuard.i386.rpm
Wirex Immunix 6.2 joe-2.8-42.62_StackGuard.src.rpm (source)
http://www.immunix.org:8080/ImmunixOS/6.2/updates/SRPMS/joe-2.8-42.62_StackGuard.src.rpm
Wirex Immunix 7.0 beta joe-2.8-43_StackGuard.i386.rpm (binary)
http://www.immunix.org:8080/ImmunixOS/7.0-beta/updates/RPMS/joe-2.8-43_StackGuard.i386.rpm
Wirex Immunix 7.0 beta joe-2.8-43_StackGuard.src.rpm (source)
http://www.immunix.org:8080/ImmunixOS/7.0-beta/updates/SRPMS/joe-2.8-43_StackGuard.src.rpm
References
Joe Text Editor DEADJOE Symbolic Link Vulnerability
References: