Date: Wed, 28 Feb 2001 14:25:22 -0500 (EST)
From: Brad <brad@comstyle.com>
To: <BUGTRAQ@SECURITYFOCUS.COM>
Cc: <toasty@dragondata.com>, <ports@freebsd.org>, <explorer@netbsd.org>, <tech-pkg@netbsd.org>
Subject: Re: Joe's Own Editor File Handling Error
Message-ID: <Pine.BSO.4.33.0102281412380.1599-100000@ss5.comstyle.com>
In-Reply-To: <OF61B9B540.D6BC1630-ONC1256A01.004D1564@wkit.se>

After looking through the patches that OpenBSD/FreeBSD/NetBSD have for
their joe ports, it looks like joe is still vulnerable in the
FreeBSD/NetBSD ports trees, but not in the OpenBSD ports tree as of
Dec 22 1998.

revision 1.3
date: 1998/12/22 03:58:13;  author: form;  state: Exp;  lines: +74 -55
Do not use ./.xxxrc startup file.
Startup files order: ~/.xxxrc, /etc/joe/xxxrc, ${PREFIX}/lib/joe/xxxrc.

// Brad

brad@comstyle.com
brad@openbsd.org

>TITLE: Joe's Own Editor File Handling Error
>ADVISORY ID: WSIR-01/02-02
>REFERENCE: http://www.wkit.com/advisories
>CVE: GENERIC-MAP-NOMATCH
>CREDIT: Christer Öberg, Wkit Security AB
>CONTACT: advisories@wkit.com
>CLASS: File Handling Error
>OBJECT: joe(1) (exec)
>VENDOR: Josef H. Allen
>STATUS:
>REMOTE: No
>LOCAL: Yes
>VULNERABLE: Joseph Allen joe 2.8
>
>DATE
> CREATED: 26/02/2001
> LAST UPDATED:
> VENDOR CONTACT:
> RELEASE: 28/02/2001
>
>VULNERABILITY DESCRIPTION
> joe looks for its configuration file in ./.joerc (CWD), $HOME/.joerc, and
> /usr/local/lib/joerc in that order. Users could be tricked into executing
> commands if they open/edit a file with joe in a directory where other
> users can write.
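
The startup-file order described in the message above, sketched in C as an added example (it is not code from joe or from any of the ports patches). The function name find_rc and the ownership/permission check are assumptions made for illustration; the lookup order is the one given in the revision 1.3 log note.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Extra hardening (assumption, not in the quoted commit note): accept only a
 * regular file owned by the invoking user or root that group/other cannot
 * write. */
static int rc_is_trusted(const char *path)
{
    struct stat st;

    if (stat(path, &st) != 0 || !S_ISREG(st.st_mode))
        return 0;
    if (st.st_uid != getuid() && st.st_uid != 0)
        return 0;
    return (st.st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* Hypothetical helper: resolve the startup file for `name` ("joe", "jmacs").
 * Order: HOME/.NAMErc, /etc/joe/NAMErc, PREFIX/lib/joe/NAMErc. The current
 * directory is never a candidate. Returns 0 and fills `out`, or -1. */
int find_rc(const char *home, const char *prefix, const char *name,
            char *out, size_t outlen)
{
    const char *base[3] = { home, "/etc/joe", prefix };
    const char *mid[3] = { "/.", "/", "/lib/joe/" };
    char cand[1024];
    int i, len;

    if (name == NULL || name[0] == '\0' || strchr(name, '/') != NULL)
        return -1;                      /* name must be a bare word */
    for (i = 0; i < 3; i++) {
        if (base[i] == NULL || base[i][0] != '/')
            continue;                   /* unset or relative base: skip */
        len = snprintf(cand, sizeof cand, "%s%s%src", base[i], mid[i], name);
        if (len < 0 || (size_t)len >= sizeof cand || (size_t)len >= outlen)
            continue;                   /* truncated path: never use it */
        if (rc_is_trusted(cand)) {
            memcpy(out, cand, (size_t)len + 1);
            return 0;
        }
    }
    return -1;
}
```

A relative HOME or PREFIX is skipped because it would resolve against the current directory and reintroduce the lookup the patch removes.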