Debian Security Advisory
joe -- symlink attack
- Date Reported:
- 21 Nov 2000
- Affected Packages:
- joe
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2000-1178.
- More information:
- When joe (Joe's Own Editor) dies due to a signal instead of a normal exit it saves a list of the files it is editing to a file called `DEADJOE' in its current directory. Unfortunately this wasn't done safely which made joe vulnerable to a symlink attack. This has been fixed in version 2.8-15.1.
- Fixed in:
- 2000-12-01