Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2008 E-Soft Inc.OPENVAS:136141256231053802
HistoryJan 17, 2008 - 12:00 a.m.

Debian Security Advisory DSA 041-1 (joe)

2008-01-1700:00:00
Copyright (C) 2008 E-Soft Inc.
plugins.openvas.org
1

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

0.4%

JSON

The remote host is missing an update to joe
announced via advisory DSA 041-1.

# SPDX-FileCopyrightText: 2008 E-Soft Inc.
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.53802");
  script_cve_id("CVE-2001-0289");
  script_version("2023-07-19T05:05:15+0000");
  script_tag(name:"last_modification", value:"2023-07-19 05:05:15 +0000 (Wed, 19 Jul 2023)");
  script_tag(name:"creation_date", value:"2008-01-17 14:24:38 +0100 (Thu, 17 Jan 2008)");
  script_tag(name:"cvss_base", value:"4.6");
  script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:P/I:P/A:P");
  script_name("Debian Security Advisory DSA 041-1 (joe)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2008 E-Soft Inc.");
  script_family("Debian Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB2\.2");
  script_xref(name:"URL", value:"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20041-1");
  script_tag(name:"insight", value:"Christer Oberg of Wkit Security AB found a problem in joe (Joe's
Own Editor). joe will look for a configuration file in three
locations: the current directory, the users homedirectory ($HOME)
and in /etc/joe. Since the configuration file can define commands
joe will run (for example to check spelling) reading it from
the current directory can be dangerous: an attacker can leave
a .joerc file in a writable directory, which would be read when
a unsuspecting user starts joe in that directory.

This has been fixed in version 2.8-15.3 and we recommend that
you upgrade your joe package immediately.");
  script_tag(name:"summary", value:"The remote host is missing an update to joe
announced via advisory DSA 041-1.");
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"solution", value:"We recommend that you upgrade your joe package.");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-deb.inc");

res = "";
report = "";
if((res = isdpkgvuln(pkg:"joe", ver:"2.8-15.3", rls:"DEB2.2")) != NULL) {
  report += res;
}

if(report != "") {
  security_message(data:report);
} else if(__pkg_match) {
  exit(99);
}

Related

openvas 1
nvd 1
cve 1
nessus 2
cvelist 1
openvas
openvas
Debian Security Advisory DSA 041-1 (joe)
2008-01-17 00:00:00
nvd
nvd
CVE-2001-0289
2001-05-03 04:00:00
cve
cve
CVE-2001-0289
2001-05-07 04:00:00
nessus
nessus
Debian DSA-041-1 : joe - local exploit
2004-09-29 00:00:00
Mandrake Linux Security Advisory : joe (MDKSA-2001:026)
2012-09-06 00:00:00
cvelist
cvelist
CVE-2001-0289
2001-05-07 04:00:00

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

0.4%

JSON
Related for OPENVAS:136141256231053802
openvas1nvd1cve1nessus2cvelist1