Debian Security Advisory
joe -- symlink attack
- Date Reported:
- 21 Nov 2000
- Affected Packages:
-
joe
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2000-1178.
- More information:
- When joe (Joe's Own Editor) dies due to a signal instead
of a normal exit it saves a list of the files it is editing to a file called
`DEADJOE' in its current directory. Unfortunately this wasn't done safely which
made joe vulnerable to a symlink attack. This has been fixed in version
2.8-15.1.
- Fixed in:
-
2000-12-01