Rapid7 Vulnerability & Exploit Database

RHSA-2001:024: Updated joe packages are available for Red Hat Linux 5.2, 6.x and 7.

  • Severity: 5
  • CVSS: (AV:L/AC:L/Au:N/C:P/I:P/A:P)
  • Published: 05/03/2001
  • Created: 07/25/2018
  • Added: 10/28/2005
  • Modified: 07/04/2017

Description

Updated joe packages are available for Red Hat Linux 5.2, 6.x and 7.

When starting, joe looks for a configuration file in the current working directory, the user's home directory, and /etc/joe. A malicious user could create a .joerc file in a world-writable directory such as /tmp; any user who then runs joe inside that directory loads that .joerc, which can be customized to execute commands with that user's own userid. The current working directory has been removed from the list of directories searched for the .joerc configuration file.
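An audit check for the condition described above, as an added example that is not part of the advisory or the joe packages: it reports any .joerc found directly inside a world-writable directory and whether it belongs to the invoking user. The function names and the default directory list (/tmp, /var/tmp, /dev/shm) are assumptions made for illustration.

```shell
# Added example: audit helper, not code from the advisory or from joe.
# Reports .joerc files that sit directly in world-writable directories.
# Output per hit: <directory> TAB <file owner uid> TAB <own|foreign>
# Usage (hypothetical paths): joerc_audit /tmp /srv/shared

is_world_writable() {
    # True when the directory itself carries the o+w permission bit.
    [ -n "$(find "$1" -maxdepth 0 -type d -perm -0002 2>/dev/null)" ]
}

scan_joerc() {
    me=$(id -u)
    for dir in "$@"; do
        rc="$dir/.joerc"
        is_world_writable "$dir" || continue
        # -e matches existing files; -L also matches dangling symlinks.
        [ -e "$rc" ] || [ -L "$rc" ] || continue
        # Numeric owner of the entry itself (field 3 of ls -ldn).
        owner=$(ls -ldn "$rc" | awk '{print $3}')
        if [ "$owner" = "$me" ]; then kind=own; else kind=foreign; fi
        printf '%s\t%s\t%s\n' "$dir" "$owner" "$kind"
    done
}

joerc_audit() {
    # Default candidates are assumptions; pass your own directories instead.
    if [ "$#" -eq 0 ]; then set -- /tmp /var/tmp /dev/shm; fi
    scan_joerc "$@"
}
```

A "foreign" result on a host still running an unpatched joe means another account's .joerc would be loaded by anyone starting joe in that directory.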

Solution(s)

  • redhat-upgrade-joe
