Vulnerability Description
Joe text editor 2.8 searches the current working directory (CWD) for the .joerc configuration file, which could allow local users to gain privileges of other users by placing a Trojan Horse .joerc file into a directory, then waiting for users to execute joe from that directory.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Joseph Allen | Joe | 2.8 |
References
- http://archives.neohapsis.com/archives/bugtraq/2001-02/0490.htmlPatchVendor Advisory
- http://www.debian.org/security/2001/dsa-041PatchVendor Advisory
- http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-026.php3PatchVendor Advisory
- http://www.redhat.com/support/errata/RHSA-2001-024.html
- http://archives.neohapsis.com/archives/bugtraq/2001-02/0490.htmlPatchVendor Advisory
- http://www.debian.org/security/2001/dsa-041PatchVendor Advisory
- http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-026.php3PatchVendor Advisory
- http://www.redhat.com/support/errata/RHSA-2001-024.html
FAQ
What is CVE-2001-0289?
CVE-2001-0289 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Joe text editor 2.8 searches the current working directory (CWD) for the .joerc configuration file, which could allow local users to gain privileges of other users by placing a Trojan Horse .joerc fil...
How severe is CVE-2001-0289?
CVE-2001-0289 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-0289?
Check the references section above for vendor advisories and patch information. Affected products include: Joseph Allen Joe.