SuSE Security Announcement: joeMar 28, 2001, 21:52 (0 Talkback[s])
(Other stories by Thomas Biege)
Date: Wed, 28 Mar 2001 13:03:11 +0200
SuSE Security Announcement Package: joe Announcement-ID: SuSE-SA:2001:09 Date: Tuesday, March 27th, 2001 17.03 MEST Affected SuSE versions: 6.1, 6.2, 6.3, 6.4, 7.0, 7.1 Vulnerability Type: local privilege escalation Severity (1-10): 3 SuSE default package: yes Other affected systems: all system using joe Content of this advisory: 1) security vulnerability resolved: joe problem description, discussion, solution and upgrade information 2) pending vulnerabilities, solutions, workarounds 3) standard appendix (further information)
1) problem description, brief discussion, solution, upgrade information
A bug in joe(1), a userfriendly text editor, was found by Christer Öberg of Wkit Security AB a few weeks ago. After starting joe(1) it tries to open its configuration file joerc in the current directory, the users home directory and some other locations. joe(1) doesn't check the ownership of joerc when trying the current directory.
An attacker could place a malicious joerc file in a public writeable directory, like /tmp, to execute commands with the privilege of any user (including root), which runs joe while being in this directory.
Download the update package from locations desribed below and
install the package with the command `rpm -Uhv file.rpm'. The
md5sum for each file is in the line below. You can verify the
integrity of the rpm files using the command
i386 Intel Platform:
AXP Alpha Platform:
PPC PowerPC Platform:
2) Pending vulnerabilities in SuSE Distributions and Workarounds:
- We are in the process of preparing update packages for the man package which has been found vulnerable to a commandline format string bug. The man command is installed suid man on SuSE systems. When exploited, the bug can be used to install a different man binary to introduce a trojan into the system. As an interim workaround, we recommend to `chmod -s /usr/bin/man´ and ignore the warnings and errors when viewing manpages.
- The file browser MidnightCommander (mc) is vulnerable to unwanted program execution. Updates are currently being built.
- Two bugs were found in the text editor vim. These bugs are currently being fixed.
- A bufferoverflow in sudo was discovered and fixed RPMs will be available as soon as possible. A exploit was not made public until now.
3) standard appendix:
SuSE runs two security mailing lists to which any interested party may subscribe:
firstname.lastname@example.org - general/linux/SuSE security discussion. All SuSE security announcements are sent to this list. To subscribe, send an email to email@example.com. firstname.lastname@example.org - SuSE's announce-only mailing list. Only SuSE's security annoucements are sent to this list. To subscribe, send an email to email@example.com. For general information or the frequently asked questions (faq) send mail to: firstname.lastname@example.org or email@example.com respectively.
SuSE's security contact is firstname.lastname@example.org.
The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. SuSE GmbH makes no warranties of any kind whatsoever with respect to the information contained in this security advisory.