As per:

---
Date: Wed, 28 Feb 2001 15:13:42 +0100
From: advisories
To: BUGTRAQ
Subject: Joe's Own Editor File Handling Error
---

Joe tries to use ./.joerc for its configuration file. If joe is used in a world-writable directory, an attacker can create .joerc there with malicious definitions that may lead to local user login (/root if root uses joe) compromise.

Don't they ever learn...
Doh. Stuuuupid people. (not that any non-newbie would use joe on a regular basis anyway). Fixed in joe-2.8-44.
This should really be a fix that gets pushed out to 6.X and 7.0 - it's a dumb error but it could be exploited and I know (I am) a person who uses joe all the time. Course - I've already patched my joe rpm :) -sv
I've already made rpms and an errata request for 5.2, 6.2 and 7.
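The advisory quoted at the top of this report comes down to trusting a configuration file found in the current directory. As an added example (not joe's code and not the change shipped in joe-2.8-44), this C program shows one way an editor could vet ./.joerc before parsing it; the helper names open_trusted_rc and rc_is_trusted are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not joe's code): open an rc file only if it is safe
 * to trust. Returns a read-only descriptor, or -1 if it must be ignored. */
int open_trusted_rc(const char *path)
{
    struct stat st;
    /* O_NOFOLLOW rejects a symlink planted in a shared directory;
     * O_NONBLOCK keeps open() from hanging on a planted FIFO. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return -1;
    /* fstat the descriptor, not the path, so the checks apply to the file
     * that will actually be read (no check-then-open race). */
    if (fstat(fd, &st) != 0 ||
        !S_ISREG(st.st_mode) ||                /* not a FIFO or device */
        st.st_uid != geteuid() ||              /* created by another user */
        (st.st_mode & (S_IWGRP | S_IWOTH))) {  /* others could rewrite it */
        close(fd);
        return -1;
    }
    return fd;
}

/* Convenience wrapper: 1 if the file would be loaded, 0 if ignored. */
int rc_is_trusted(const char *path)
{
    int fd = open_trusted_rc(path);
    if (fd < 0)
        return 0;
    close(fd);
    return 1;
}

int main(void)
{
    const char *rc = "./.joerc";  /* the path named in the advisory */
    printf("%s: %s\n", rc, rc_is_trusted(rc) ? "would be loaded" : "ignored");
    return 0;
}
```

When root runs the editor in a world-writable directory, a .joerc created there by another user fails the ownership check and is ignored.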