Debian Security Advisory: joe local attack via joercMar 09, 2001, 07:16 (0 Talkback[s])
(Other stories by Wichert Akkerman)
Date: Fri, 9 Mar 2001 03:10:07 +0100
Debian Security Advisory DSA-041-1 firstname.lastname@example.org http://www.debian.org/security/ Wichert Akkerman March 9, 2001
Package : joe Problem type : local exploit Debian-specific: noChrister Öberg of Wkit Security AB found a problem in joe (Joe's Own Editor). joe will look for a configuration file in three locations: the current directory, the users homedirectory ($HOME) and in /etc/joe. Since the configuration file can define commands joe will run (for example to check spelling) reading it from the current directory can be dangerous: an attacker can leave a .joerc file in a writable directory, which would be read when a unsuspecting user starts joe in that directory.
This has been fixed in version 2.8-15.3 and we recommend that you upgrade your joe package immediately.
wget url will fetch the file for you dpkg -i file.deb will install the referenced file.Debian GNU/Linux 2.2 alias potato
Potato was released for alpha, arm, i386, m68k, powerpc and sparc.
Intel ia32 architecture:
Motorola 680x0 architecture:
Sun Sparc architecture:
These files will be moved into ftp://ftp.debian.org/debian/dists/stable/*/binary-$arch/ soon.
For not yet released architectures please refer to the appropriate directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .
For apt-get: deb http://security.debian.org/