---

Home Security

SuSE Security Announcement: joe

By

Date: Wed, 28 Mar 2001 13:03:11 +0200
From: Thomas Biege thomas@SUSE.DE
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: SuSE Security Announcement: joe (SuSE-SA:2001:09)

                        SuSE Security Announcement

        Package:                joe
        Announcement-ID:        SuSE-SA:2001:09
        Date:                   Tuesday, March 27th, 2001 17.03 MEST
        Affected SuSE versions: 6.1, 6.2, 6.3, 6.4, 7.0, 7.1
        Vulnerability Type:     local privilege escalation
        Severity (1-10):        3
        SuSE default package:   yes
        Other affected systems: all system using joe

        Content of this advisory:
        1) security vulnerability resolved: joe
           problem description, discussion, solution and upgrade information
        2) pending vulnerabilities, solutions, workarounds
        3) standard appendix (further information)

1) problem description, brief discussion, solution, upgrade
information

A bug in joe(1), a userfriendly text editor, was found by
Christer Öberg of Wkit Security AB a few weeks ago. After
starting joe(1) it tries to open its configuration file joerc in
the current directory, the users home directory and some other
locations. joe(1) doesn’t check the ownership of joerc when trying
the current directory.

An attacker could place a malicious joerc file in a public
writeable directory, like /tmp, to execute commands with the
privilege of any user (including root), which runs joe while being
in this directory.

Download the update package from locations desribed below and
install the package with the command `rpm -Uhv file.rpm’. The
md5sum for each file is in the line below. You can verify the
integrity of the rpm files using the command
`rpm –checksig –nogpg file.rpm’,
independently from the md5 signatures below.

i386 Intel Platform:

SuSE-7.1

ftp://ftp.suse.com/pub/suse/i386/update/7.1/ap1/joe-2.8-300.i386.rpm

3140f1eb79eb246ad98f7687de517371
source rpm:

ftp://ftp.suse.com/pub/suse/i386/update/7.1/zq1/joe-2.8-300.src.rpm

0c04bb25b8ae452f1fcdfe11af32e1b6

SuSE-7.0

ftp://ftp.suse.com/pub/suse/i386/update/7.0/ap1/joe-2.8-304.i386.rpm

2a406de36322fc7bc28aaeca0bbdf54d
source rpm:

ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/joe-2.8-304.src.rpm

2aac0d130597d580d96c75d59397958c

SuSE-6.4

ftp://ftp.suse.com/pub/suse/i386/update/6.4/ap1/joe-2.8-303.i386.rpm

348a5e4a981f76943c77431606e5c3b2
source rpm:

ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/joe-2.8-303.src.rpm

9f938aa365460257baf56f5f92f565ee

SuSE-6.3

ftp://ftp.suse.com/pub/suse/i386/update/6.3/ap1/joe-2.8-302.i386.rpm

236ec54a0251859e1c2c1fc4018b5dae
source rpm:

ftp://ftp.suse.com/pub/suse/i386/update/6.3/zq1/joe-2.8-302.src.rpm

49b638dd238cacc8e99048ee5a8024ea

SuSE-6.2

ftp://ftp.suse.com/pub/suse/i386/update/6.2/ap1/joe-2.8-302.i386.rpm

094577b41a2ad5baa0d16f4d53378d0e
source rpm:

ftp://ftp.suse.com/pub/suse/i386/update/6.2/zq1/joe-2.8-302.src.rpm

78333a2bac40b08db1e54ccaf1380caf

SuSE-6.1

ftp://ftp.suse.com/pub/suse/i386/update/6.1/ap1/joe-2.8-305.i386.rpm

72fbb78af21f3878f1ae8b8bc87c96f4
source rpm:

ftp://ftp.suse.com/pub/suse/i386/update/6.1/zq1/joe-2.8-305.src.rpm

b4fbe27a24bf66d60db45da3c3d13020

Sparc Platform:

SuSE-7.1

ftp://ftp.suse.com/pub/suse/sparc/update/7.1/ap1/joe-2.8-290.sparc.rpm

eeb78e413ee0b48d39ccdab29228ae80
source rpm:

ftp://ftp.suse.com/pub/suse/sparc/update/7.1/zq1/joe-2.8-290.src.rpm

f29199161ffd38f3f26c82b5d21ba89b

SuSE-7.0

ftp://ftp.suse.com/pub/suse/sparc/update/7.0/ap1/joe-2.8-292.sparc.rpm

d1d70f58df37de53f05734d90be596fa
source rpm:

ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/joe-2.8-292.src.rpm

45091ece9cb66e4f093d07b0386fd2b9

AXP Alpha Platform:

SuSE-7.0

ftp://ftp.suse.com/pub/suse/axp/update/7.0/ap1/joe-2.8-296.alpha.rpm

85e609519bbfbbc0be5aec7b8de2dffc
source rpm:

ftp://ftp.suse.com/pub/suse/axp/update/7.0/zq1/joe-2.8-296.src.rpm

ce623f8a73b1f6395eb9498324cc1e21

SuSE-6.4

ftp://ftp.suse.com/pub/suse/axp/update/6.4/ap1/joe-2.8-293.alpha.rpm

d930c6a2f0757f51f04409946f6152f8
source rpm:

ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/joe-2.8-293.src.rpm

0b20e5bd36f0feeaf78cb4815566e982

SuSE-6.3

ftp://ftp.suse.com/pub/suse/axp/update/6.3/ap1/joe-2.8-293.alpha.rpm

6278e4dd4a42d4e091d1a08e3f617fa2
source rpm:

ftp://ftp.suse.com/pub/suse/axp/update/6.3/zq1/joe-2.8-293.src.rpm

88f428cc9c916b9159dfb54144c7802e

SuSE-6.1

ftp://ftp.suse.com/pub/suse/axp/update/6.1/ap1/joe-2.8-295.alpha.rpm

3e531066b0495be2261f02ef2d4583f0
source rpm:

ftp://ftp.suse.com/pub/suse/axp/update/6.1/zq1/joe-2.8-295.src.rpm

1d7796f1fad01365e40a944f0db84470

PPC PowerPC Platform:

SuSE-7.1

ftp://ftp.suse.com/pub/suse/ppc/update/7.1/ap1/joe-2.8-272.ppc.rpm

f11094b9f1afeb04786030e3a140ed03
source rpm:

ftp://ftp.suse.com/pub/suse/ppc/update/7.1/zq1/joe-2.8-272.src.rpm

4058ea46c9d75976a24a6ac419fc19d5

SuSE-7.0

ftp://ftp.suse.com/pub/suse/ppc/update/7.0/ap1/joe-2.8-274.ppc.rpm

c385a2ca601cf9b01ad2d39433d6a872
source rpm:

ftp://ftp.suse.com/pub/suse/ppc/update/7.0/zq1/joe-2.8-274.src.rpm

b667ea68d356a9582d3696ad68869c69

SuSE-6.4

ftp://ftp.suse.com/pub/suse/ppc/update/6.4/ap1/joe-2.8-273.ppc.rpm

4f6c2c20e961aea4987381d12692af6c
source rpm:

ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/joe-2.8-273.src.rpm

8c3ebda871c54afc11a24d80d207c34e

2) Pending vulnerabilities in SuSE Distributions and
Workarounds:

– We are in the process of preparing update packages for the man
package which has been found vulnerable to a commandline format
string bug. The man command is installed suid man on SuSE systems.
When exploited, the bug can be used to install a different man
binary to introduce a trojan into the system. As an interim
workaround, we recommend to `chmod -s /usr/bin/man´ and
ignore the warnings and errors when viewing manpages.

– The file browser MidnightCommander (mc) is vulnerable to
unwanted program execution. Updates are currently being built.

– Two bugs were found in the text editor vim. These bugs are
currently being fixed.

– A bufferoverflow in sudo was discovered and fixed RPMs will be
available as soon as possible. A exploit was not made public until
now.

3) standard appendix:

SuSE runs two security mailing lists to which any interested
party may subscribe:

    suse-security@suse.com
        -   general/linux/SuSE security discussion.
            All SuSE security announcements are sent to this list.
            To subscribe, send an email to
                suse-security-subscribe@suse.com.

    suse-security-announce@suse.com
        -   SuSE's announce-only mailing list.
            Only SuSE's security annoucements are sent to this list.
            To subscribe, send an email to
                suse-security-announce-subscribe@suse.com.

    For general information or the frequently asked questions (faq)
    send mail to:
        suse-security-info@suse.com or
        suse-security-faq@suse.com respectively.


    SuSE's security contact is security@suse.com.

The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. SuSE GmbH
makes no warranties of any kind whatsoever with respect to the
information contained in this security advisory.

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis

Must Read

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Our Brands

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.