Mandrake Linux Security Advisory : joe (MDKSA-2000:072)

low Nessus Plugin ID 61858

Synopsis

The remote Mandrake Linux host is missing a security update.

Description

When exiting joe in a non-standard way (such as a system crash, closing an xterm, or a network connection going down), joe will unconditionally append its open buffers to the file DEADJOE. This can be exploited by the creation of DEADJOE symlinks in directories where root would normally use joe. In this way, joe could be used to append garbage to potentially sensitive files, resulting in a denial of service or other problems.

Users of Linux-Mandrake 7.0 and earlier should also note that joe's configuration files have moved from /usr/lib/joe to /etc/joe.

Solution

Update the affected joe package.

Plugin Details

Severity: Low

ID: 61858

File Name: mandrake_MDKSA-2000-072.nasl

Version: 1.6

Type: local

Published: 9/6/2012

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Low

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:joe, cpe:/o:mandrakesoft:mandrake_linux:6.0, cpe:/o:mandrakesoft:mandrake_linux:6.1, cpe:/o:mandrakesoft:mandrake_linux:7.0, cpe:/o:mandrakesoft:mandrake_linux:7.1, cpe:/o:mandrakesoft:mandrake_linux:7.2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 11/20/2000

Reference Information

CVE: CVE-2000-1178

MDKSA: 2000:072