VULHUB ™

joe is a text editor by Joseph Allen, which features familar functions to users of both Microsoft text editors and vi users. A problem occurs with the editor when a session abnormally exits. Upon abnormal exit, the text editor saves any changes made to the file being edited into a new file in the current working directory labeled DEADJOE. When saving this file, the text editor does not check for the file type. A user editing a file in a directory writable by others could be subject to having other files written to if a malicious user were to symbollically link the DEADJOE file to one of owner/group write access of the user. This would result in the contents of the joe session being appended to the symbolically linked file, potentially corrupting the linked file.

joe is a text editor by Joseph Allen, which features familar functions to users of both Microsoft text editors and vi users. A problem occurs with the editor when a session abnormally exits. Upon abnormal exit, the text editor saves any changes made to the file being edited into a new file in the current working directory labeled DEADJOE. When saving this file, the text editor does not check for the file type. A user editing a file in a directory writable by others could be subject to having other files written to if a malicious user were to symbollically link the DEADJOE file to one of owner/group write access of the user. This would result in the contents of the joe session being appended to the symbolically linked file, potentially corrupting the linked file.