Mandrake Linux Security Advisory : joe (MDKSA-2000:072)

When exiting joe in a non-standard way such as a system crash, closing an xterm, or a network connection going down, joe will unconditionally append its open buffers to the file DEADJOE. This can be exploited by the creation of DEADJOE symlinks in directories where root would normally use joe. In...

Debian Security Advisory DSA 003-1 (joe)

The remote host is missing an update to joe announced via advisory DSA 003-1. OpenVAS Vulnerability Test $Id: deb0031.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 003-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

CVE-1999-1545

CVE-1999-1545 affects Joe's Own Editor (joe) 2.8, where the crash-save file DEADJOE is created with world-readable permissions. This improper file permission allows local users to read files being edited by other users. Root cause: incorrect permission settings for the crash-save file. Impact: lo...

[SECURITY] New version of joe released

Package : joe Problem type : symlink attack Debian-specific: no When joe Joes Own Editor dies due to a signal instead of a normal exit it saves a list of the files it is editing to a file called DEADJOE in its current directory. Unfortunately this wasnt done safely which made joe vulnerable to a...