CVE-2001-0289

high

Description

Joe text editor 2.8 searches the current working directory (CWD) for the .joerc configuration file, which could allow local users to gain privileges of other users by placing a Trojan Horse .joerc file into a directory, then waiting for users to execute joe from that directory.

References

http://www.redhat.com/support/errata/RHSA-2001-024.html

http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-026.php3

http://www.debian.org/security/2001/dsa-041

http://archives.neohapsis.com/archives/bugtraq/2001-02/0490.html

Details

Source: Mitre, NVD

Published: 2001-05-03

Updated: 2008-09-05

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High