O'Reilly Network: Insecurities in a Nutshell: SAMBA, pine, ircd, and More
Dec 27, 2000, 22:24
(Other stories by Noel Davis)
"Problems this week include symlink problems with joe, pico, and samba, a buffer overflow in bftpd, and problems with pine."
"SSLDUMP, an analyzer for encrypted network traffic similar to tcpdump, can be caused to segfault by malformed network traffic. There is some potential for concern, as the software must be run with root permissions, but to this time no exploit has been published. The author states that he is working on a fix and would like to remind users that SSLDUMP is still beta software."
"A small text editor, joe is shipped with many Linux distributions. If joe is closed by a signal, it creates a file named DEADJOE in the directory that it was started in. When it creates this file, it does not check for its existence or whether it is a symbolic link. This can lead to a malicious user corrupting arbitrary files writable by the users who are running joe. It is recommended that users of joe upgrade to the latest release."
"Another small text editor, pico is distributed with the pine e-mail client by the University of Washington. Upon an abnormal exit, such as a signal, it saves its buffer in a file in the current directory called filename.save (filename is the name of the buffer). It does this without checking it to see if the file exists or is a symbolic link. As with joe, this can lead to a malicious user corrupting files by overwriting them with the contents of pico's buffer."
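The joe and pico items quoted above share one root cause: a crash-save file opened in the current directory with no existence or symlink check. The following C program is an added example, not code from joe, pico, or the quoted article; it contrasts that pattern with an exclusive create. The function names and the temporary-directory scenario are constructed for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* O_TRUNC alone is the pattern the advisories describe: no existence or
 * symlink check, so a pre-existing symlink is followed and its target is
 * rewritten. O_EXCL is the fix: open() fails with EEXIST if anything, even
 * a dangling symlink, already sits at the path; nothing is followed. */
enum { SAVE_UNCHECKED = O_TRUNC, SAVE_EXCLUSIVE = O_EXCL };

/* Hypothetical save routine; returns 0 on success, -1 on failure. */
static int save_buffer(const char *path, const char *buf, int mode) {
    int fd = open(path, O_WRONLY | O_CREAT | mode, 0600);
    if (fd < 0) return -1;          /* caller should pick another name */
    ssize_t n = write(fd, buf, strlen(buf));
    close(fd);
    return n < 0 ? -1 : 0;
}

/* Constructed scenario in a private temp dir: DEADJOE already exists as a
 * symlink to "victim". Returns 1 if victim keeps its content after the
 * save attempt, 0 if it was overwritten, -1 if setup failed. */
static int victim_survives(int mode) {
    char dir[] = "/tmp/savedemoXXXXXX", victim[64], lnk[64], got[32] = {0};
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(lnk, sizeof lnk, "%s/DEADJOE", dir);
    FILE *f = fopen(victim, "w");
    if (!f) return -1;
    fputs("important", f);
    fclose(f);
    if (symlink(victim, lnk) != 0) return -1;
    save_buffer(lnk, "editor buffer", mode);
    f = fopen(victim, "r");
    if (f) { fgets(got, sizeof got, f); fclose(f); }
    unlink(lnk); unlink(victim); rmdir(dir);
    return strcmp(got, "important") == 0;
}

int main(void) {
    printf("unchecked: victim intact = %d\n", victim_survives(SAVE_UNCHECKED));
    printf("exclusive: victim intact = %d\n", victim_survives(SAVE_EXCLUSIVE));
    return 0;
}
```

When the exclusive create fails, the safe response is to choose a different, unpredictable file name or a directory only the user can write to, rather than retrying with the check removed.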