CVE-2002-2334

2007-10-2619:00:00

mitre

www.cve.org

joe text editor

setuid

setgid

local users

arbitrary execution

AI Score

7.1

Confidence

High

EPSS

Percentile

5.1%

JSON

Joe text editor 2.8 through 2.9.7 does not remove the group and user setuid bits for backup files, which could allow local users to execute arbitrary setuid and setgid root programs when root edits scripts owned by other users.

References

online.securityfocus.com/archive/1/292138

www.iss.net/security_center/static/10125.php

www.securityfocus.com/bid/5732