Mandrake Linux Security Advisory : joe (MDKSA-2000:072)

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing a security update.

Description :

When exiting joe in a non-standard way (such as a system crash,
closing an xterm, or a network connection going down), joe will
unconditionally append its open buffers to the file DEADJOE. This can
be exploited by the creation of DEADJOE symlinks in directories where
root would normally use joe. In this way, joe could be used to append
garbage to potentially sensitive files, resulting in a denial of
service or other problems.

Users of Linux-Mandrake 7.0 and earlier should also note that joe's
configuration files have moved from /usr/lib/joe to /etc/joe.

Solution :

Update the affected joe package.

Risk factor :

Low / CVSS Base Score : 2.1
(CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 61858 ()

Bugtraq ID:

CVE ID: CVE-2000-1178

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now