“Problems this week include symlink problems with joe, pico,
and samba, a buffer overflow in bftpd, and problems with
pine.”
“SSLDUMP, an analyzer for encrypted network traffic similar to
tcpdump, can be caused to segfault by malformed network traffic.
There is some potential for concern, as the software must be run
with root permissions, but to this time no exploit has been
published. The author states that he is working on a fix and would
like to remind users that SSLDUMP is still beta software.”
“A small text editor, joe is shipped with many Linux
distributions. If joe is closed by a signal, it creates a file
named DEADJOE in the directory that it was started in. When it
creates this file, it does not check for its existence or whether
it is a symbolic link. This can lead to a malicious user corrupting
arbitrary files writable by the users who are running joe. It is
recommended that users of joe upgrade to the latest release.”
“Another small text editor, pico is distributed with the pine
e-mail client by the University of Washington. Upon an abnormal
exit, such as a signal, it saves its buffer in a file in the
current directory called filename.save (filename is the name of the
buffer). It does this without checking it to see if the file exists
or is a symbolic link. As with joe, this can lead to a malicious
user corrupting files by overwriting them with the contents of
pico’s buffer.”