|
Family: Debian Local Security Checks --> Category: infos
[DSA041] DSA-041-1 joe Vulnerability Scan
Vulnerability Scan Summary DSA-041-1 joe
Detailed Explanation for this Vulnerability Test
Christer Öberg of Wkit Security AB found a problem in joe
(Joe's Own Editor). joe will look for a configuration file in three locations:
The current directory, the users homedirectory ($HOME) and in /etc/joe. Since
the configuration file can define commands joe will run (for example to check
spelling) reading it from the current directory can be dangerous: A possible hacker
can leave a .joerc file in a writable directory, which would be read when a
unsuspecting user starts joe in that directory.
This has been fixed in version 2.8-15.3 and we recommend that you upgrade
your joe package immediately.
Solution : http://www.debian.org/security/2001/dsa-041
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|