CVE-2001-0289 : Joe text editor 2.8 searches the current working directory (CWD) for the .joerc configuration file, which could allow lo

Joe text editor 2.8 searches the current working directory (CWD) for the .joerc configuration file, which could allow local users to gain privileges of other users by placing a Trojan Horse .joerc file into a directory, then waiting for users to execute joe from that directory.

Published 2001-05-03 04:00:00

Updated 2008-09-05 20:23:45

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2001-0289

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ % EPSS Score History EPSS FAQ

CVSS scores for CVE-2001-0289

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.6	MEDIUM	AV:L/AC:L/Au:N/C:P/I:P/A:P	3.9	6.4	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2001-0289

http://www.debian.org/security/2001/dsa-041

Patch;Vendor Advisory
http://archives.neohapsis.com/archives/bugtraq/2001-02/0490.html

Patch;Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2001-024.html
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-026.php3

Patch;Vendor Advisory

Products affected by CVE-2001-0289

Joseph Allen » JOE » Version: 2.8
cpe:2.3:a:joseph_allen:joe:2.8:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2001-0289

Exploit prediction scoring system (EPSS) score for CVE-2001-0289

CVSS scores for CVE-2001-0289

References for CVE-2001-0289

Products affected by CVE-2001-0289