Rapid7 Vulnerability & Exploit Database

RHSA-2000:110: Updated joe packages are available for Red Hat Linux 5.2, 6.x and 7

Back to Search

RHSA-2000:110: Updated joe packages are available for Red Hat Linux 5.2, 6.x and 7

Severity

CVSS

(AV:L/AC:L/Au:N/C:N/I:P/A:N)

Published

01/09/2001

Created

07/25/2018

Added

10/28/2005

Modified

07/04/2017

Description

Updated joe packages are available for Red Hat Linux 5.2, 6.x and 7.

When exiting joe in a nonstandard way (such as a system crash, closing an xterm, or a network connection going down), joe will unconditionally append its open buffers to the file "DEADJOE". This could be exploited by the creation of DEADJOE symlinks in directories where root would normally use joe. In this way, joe could be used to append garbage to potentially-sensitive files, resulting in a denial of service. Users of Red Hat Linux 6.x and 5.2 should also note that joe's configuration files have been moved from /usr/lib/joe to /etc/joe

Solution(s)

redhat-upgrade-joe

References

https://attackerkb.com/topics/cve-2000-1178
1959
CLA-2000:356
CVE - 2000-1178
MDKSA-2000:072
RHSA-2000:110
5546

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

RHSA-2000:110: Updated joe packages are available for Red Hat Linux 5.2, 6.x and 7