Debian Security Advisory

joe -- symlink attack

Date Reported:
21 Nov 2000
Affected Packages:
joe
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2000-1178.
More information:
When joe (Joe's Own Editor) dies due to a signal instead of a normal exit it saves a list of the files it is editing to a file called `DEADJOE' in its current directory. Unfortunately this wasn't done safely which made joe vulnerable to a symlink attack. This has been fixed in version 2.8-15.1.
Fixed in:
2000-12-01