SuSE alert: joe

Posted by dave on Mar 28, 2001 1:28 AM EDT
Mailing list
Mail this story
Print this story

A bug in joe(1), a userfriendly text editor, was found by Christer Öberg of Wkit Security AB a few weeks ago. After starting joe(1) it tries to open its configuration file joerc in the current directory, the users home directory and some other locations. joe(1) doesn't check the ownership of joerc when trying the current directory. An attacker could place a malicious joerc file in a public writeable directory, like /tmp, to execute commands with the privilege of any user (including root), which runs joe while being in this directory.

-----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________

                        SuSE Security Announcement

        Package: joe
        Announcement-ID: SuSE-SA:2001:09
        Date: Tuesday, March 27th, 2001 17.03 MEST
        Affected SuSE versions: 6.1, 6.2, 6.3, 6.4, 7.0, 7.1
        Vulnerability Type: local privilege escalation
        Severity (1-10): 3
        SuSE default package: yes
        Other affected systems: all system using joe

        Content of this advisory:
        1) security vulnerability resolved: joe
           problem description, discussion, solution and upgrade information
        2) pending vulnerabilities, solutions, workarounds
        3) standard appendix (further information)

______________________________________________________________________________

1) problem description, brief discussion, solution, upgrade information

    A bug in joe(1), a userfriendly text editor, was found by Christer Öberg
    of Wkit Security AB a few weeks ago.
    After starting joe(1) it tries to open its configuration file joerc in the
    current directory, the users home directory and some other locations.
    joe(1) doesn't check the ownership of joerc when trying the current
    directory.
    An attacker could place a malicious joerc file in a public writeable
    directory, like /tmp, to execute commands with the privilege of any user
    (including root), which runs joe while being in this directory.

    Download the update package from locations desribed below and install
    the package with the command `rpm -Uhv file.rpm'. The md5sum for each
    file is in the line below. You can verify the integrity of the rpm
    files using the command
        `rpm --checksig --nogpg file.rpm',
    independently from the md5 signatures below.

    i386 Intel Platform:

    SuSE-7.1
    ftp://ftp.suse.com/pub/suse/i386/update/7.1/ap1/joe-2.8-300.i386.rpm
      3140f1eb79eb246ad98f7687de517371
    source rpm:
    ftp://ftp.suse.com/pub/suse/i386/update/7.1/zq1/joe-2.8-300.src.rpm
      0c04bb25b8ae452f1fcdfe11af32e1b6

    SuSE-7.0
    ftp://ftp.suse.com/pub/suse/i386/update/7.0/ap1/joe-2.8-304.i386.rpm
      2a406de36322fc7bc28aaeca0bbdf54d
    source rpm:
    ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/joe-2.8-304.src.rpm
      2aac0d130597d580d96c75d59397958c

    SuSE-6.4
    ftp://ftp.suse.com/pub/suse/i386/update/6.4/ap1/joe-2.8-303.i386.rpm
      348a5e4a981f76943c77431606e5c3b2
    source rpm:
    ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/joe-2.8-303.src.rpm
      9f938aa365460257baf56f5f92f565ee

    SuSE-6.3
    ftp://ftp.suse.com/pub/suse/i386/update/6.3/ap1/joe-2.8-302.i386.rpm
      236ec54a0251859e1c2c1fc4018b5dae
    source rpm:
    ftp://ftp.suse.com/pub/suse/i386/update/6.3/zq1/joe-2.8-302.src.rpm
      49b638dd238cacc8e99048ee5a8024ea

    SuSE-6.2
    ftp://ftp.suse.com/pub/suse/i386/update/6.2/ap1/joe-2.8-302.i386.rpm
      094577b41a2ad5baa0d16f4d53378d0e
    source rpm:
    ftp://ftp.suse.com/pub/suse/i386/update/6.2/zq1/joe-2.8-302.src.rpm
      78333a2bac40b08db1e54ccaf1380caf

    SuSE-6.1
    ftp://ftp.suse.com/pub/suse/i386/update/6.1/ap1/joe-2.8-305.i386.rpm
      72fbb78af21f3878f1ae8b8bc87c96f4
    source rpm:
    ftp://ftp.suse.com/pub/suse/i386/update/6.1/zq1/joe-2.8-305.src.rpm
      b4fbe27a24bf66d60db45da3c3d13020

    Sparc Platform:

    SuSE-7.1
    ftp://ftp.suse.com/pub/suse/sparc/update/7.1/ap1/joe-2.8-290.sparc.rpm
      eeb78e413ee0b48d39ccdab29228ae80
    source rpm:
    ftp://ftp.suse.com/pub/suse/sparc/update/7.1/zq1/joe-2.8-290.src.rpm
      f29199161ffd38f3f26c82b5d21ba89b

    SuSE-7.0
    ftp://ftp.suse.com/pub/suse/sparc/update/7.0/ap1/joe-2.8-292.sparc.rpm
      d1d70f58df37de53f05734d90be596fa
    source rpm:
    ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/joe-2.8-292.src.rpm
      45091ece9cb66e4f093d07b0386fd2b9

    AXP Alpha Platform:

    SuSE-7.0
    ftp://ftp.suse.com/pub/suse/axp/update/7.0/ap1/joe-2.8-296.alpha.rpm
      85e609519bbfbbc0be5aec7b8de2dffc
    source rpm:
    ftp://ftp.suse.com/pub/suse/axp/update/7.0/zq1/joe-2.8-296.src.rpm
      ce623f8a73b1f6395eb9498324cc1e21

    SuSE-6.4
    ftp://ftp.suse.com/pub/suse/axp/update/6.4/ap1/joe-2.8-293.alpha.rpm
      d930c6a2f0757f51f04409946f6152f8
    source rpm:
    ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/joe-2.8-293.src.rpm
      0b20e5bd36f0feeaf78cb4815566e982

    SuSE-6.3
    ftp://ftp.suse.com/pub/suse/axp/update/6.3/ap1/joe-2.8-293.alpha.rpm
      6278e4dd4a42d4e091d1a08e3f617fa2
    source rpm:
    ftp://ftp.suse.com/pub/suse/axp/update/6.3/zq1/joe-2.8-293.src.rpm
      88f428cc9c916b9159dfb54144c7802e

    SuSE-6.1
    ftp://ftp.suse.com/pub/suse/axp/update/6.1/ap1/joe-2.8-295.alpha.rpm
      3e531066b0495be2261f02ef2d4583f0
    source rpm:
    ftp://ftp.suse.com/pub/suse/axp/update/6.1/zq1/joe-2.8-295.src.rpm
      1d7796f1fad01365e40a944f0db84470

    PPC PowerPC Platform:

    SuSE-7.1
    ftp://ftp.suse.com/pub/suse/ppc/update/7.1/ap1/joe-2.8-272.ppc.rpm
      f11094b9f1afeb04786030e3a140ed03
    source rpm:
    ftp://ftp.suse.com/pub/suse/ppc/update/7.1/zq1/joe-2.8-272.src.rpm
      4058ea46c9d75976a24a6ac419fc19d5

    SuSE-7.0
    ftp://ftp.suse.com/pub/suse/ppc/update/7.0/ap1/joe-2.8-274.ppc.rpm
      c385a2ca601cf9b01ad2d39433d6a872
    source rpm:
    ftp://ftp.suse.com/pub/suse/ppc/update/7.0/zq1/joe-2.8-274.src.rpm
      b667ea68d356a9582d3696ad68869c69

    SuSE-6.4
    ftp://ftp.suse.com/pub/suse/ppc/update/6.4/ap1/joe-2.8-273.ppc.rpm
      4f6c2c20e961aea4987381d12692af6c
    source rpm:
    ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/joe-2.8-273.src.rpm
      8c3ebda871c54afc11a24d80d207c34e

______________________________________________________________________________

2) Pending vulnerabilities in SuSE Distributions and Workarounds:

    - We are in the process of preparing update packages for the man package
      which has been found vulnerable to a commandline format string bug.
      The man command is installed suid man on SuSE systems. When exploited,
      the bug can be used to install a different man binary to introduce a
      trojan into the system. As an interim workaround, we recommend to
      `chmod -s /usr/bin/man´ and ignore the warnings and errors when
      viewing manpages.

    - The file browser MidnightCommander (mc) is vulnerable to unwanted
      program execution. Updates are currently being built.

    - Two bugs were found in the text editor vim. These bugs are currently
      being fixed.

    - A bufferoverflow in sudo was discovered and fixed RPMs will be available
      as soon as possible. A exploit was not made public until now.

______________________________________________________________________________

3) standard appendix:

    SuSE runs two security mailing lists to which any interested party may
    subscribe:

    suse-security@suse.com
        - general/linux/SuSE security discussion.
            All SuSE security announcements are sent to this list.
            To subscribe, send an email to
                <suse-security-subscribe@suse.com>.

    suse-security-announce@suse.com
        - SuSE's announce-only mailing list.
            Only SuSE's security annoucements are sent to this list.
            To subscribe, send an email to
                <suse-security-announce-subscribe@suse.com>.

    For general information or the frequently asked questions (faq)
    send mail to:
        <suse-security-info@suse.com> or
        <suse-security-faq@suse.com> respectively.

    ===============================================
    SuSE's security contact is <security@suse.com>.
    ===============================================

______________________________________________________________________________

    The information in this advisory may be distributed or reproduced,
    provided that the advisory is not modified in any way.
    SuSE GmbH makes no warranties of any kind whatsoever with respect
    to the information contained in this security advisory.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBOsG6aney5gA9JdPZAQEkMAgAiLgKgaIQS9psq0wwl/RJDaXCKwopeKsx
meuZexE+iBgCXEeDAYtsbUEgTtHfTZ7XO5VwsIfFD9r8yOoAxWUcCkmIHOTYlRF3
jC4BTN5PkhbY7JymlSaEIreEfgflNWfYY1soaUm0LYy6Q/jDvMYReMh7uiG3wpPw
ja8wiLjJ+PZa7OqtCsk9zTLBmFeTHJJ0mYeiy8qD4xASUW+GY6qE9i9naYrZgN9L
oEY6DrOy6RERh35+NKMaI21o+yULhxPcV1AUYUndyc4U3OQErNEoLdViU6F39KeB
JA9sgxk8iMvtqEyyCWaWJyRahrzo05gBepjUy+DjTovmJGMOhR+VAg==
=58ij
-----END PGP SIGNATURE-----

Bye,
     Thomas

-- 
  Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg
  E@mail: thomas@suse.de      Function: Security Support & Auditing
  "lynx -source http://www.suse.de/~thomas/thomas.pgp | pgp -fka"
   Key fingerprint = 09 48 F2 FD 81 F7 E7 98  6D C7 36 F1 96 6A 12 47

  Nav
» Read more about: Story Type: Security; Groups: SUSE

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.