COMMAND
joe
SYSTEMS AFFECTED
Most unices
PROBLEM
The following was posted by sbr. He recently started using an editor
called joe, which has a feature: if your existing session is
terminated, it creates a DEADJOE file in the current directory. Now,
if your connection is terminated while you are editing your shadow
file, a world-readable DEADJOE containing your entire shadow file is
left behind in your /etc directory, and you have a problem. The umask
setting does not seem to affect the permissions of DEADJOE. This was
tested on Debian Linux 2.1, kernel 2.2.10, i386 (unknown version) and
with version 2.8-12.
How-To-Repeat: use joe to edit a file, then kill -HUP its process.
One tester was able to reproduce this with joe 2.8 under Red Hat 6.0,
with either Red Hat's -18 patches or the FreeBSD-current patches
applied, so it looks like FreeBSD is probably vulnerable too.
SOLUTION
Well, first of all, if you are root and your editor is terminated,
you should assume there is a recovery file somewhere. The best thing
to do is to recover the session or, if your editor does not prompt
you about it, to search for that file. In fact, the recovery file is
a feature; the only thing that is buggy and dangerous here is that
umask does not work as protection, so the recovery file can be
readable by everyone even when the edited file is not.
vim (which does create a "backup" file) creates its files with the
same permissions as the file you are editing.
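As an added example (not code from this advisory or from joe's source), here is how a recovery file should be created so that it is never more permissive than the file being edited, the behaviour the advisory credits vim with; the temp file paths and the sample shadow line in the self-check are constructed.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a recovery file that inherits the permission bits of the file
 * being edited, so a dump of /etc/shadow is never wider than the original
 * whatever the umask. Returns a write-only descriptor, or -1 on error. */
int create_recovery_file(const char *edited, const char *recovery)
{
    struct stat st;
    if (stat(edited, &st) != 0) return -1;
    mode_t mode = st.st_mode & 07777;
    /* O_EXCL: never write into a file or symlink already sitting at the path */
    int fd = open(recovery, O_WRONLY | O_CREAT | O_EXCL, mode);
    if (fd < 0) return -1;
    /* open() masks the mode with the umask; fchmod sets the exact bits */
    if (fchmod(fd, mode) != 0) {
        close(fd);
        unlink(recovery);
        return -1;
    }
    return fd;
}

/* Self-check with constructed temp files: under umask 000 (umask giving no
 * protection at all) a recovery copy of a 0600 file must itself be 0600. */
int recovery_keeps_owner_only_perms(void)
{
    char edited[] = "/tmp/deadjoe-demo-XXXXXX";
    const char line[] = "root:$6$constructed$hash:0:0:99999:7:::\n"; /* constructed */
    int efd = mkstemp(edited);               /* mkstemp creates with mode 0600 */
    if (efd < 0) return 0;
    ssize_t n = write(efd, line, sizeof line - 1);
    close(efd);
    char recovery[64];
    snprintf(recovery, sizeof recovery, "%s.DEADJOE", edited);
    mode_t saved = umask(0);
    int rfd = create_recovery_file(edited, recovery);
    umask(saved);
    struct stat st;
    int ok = n > 0 && rfd >= 0 && fstat(rfd, &st) == 0 && (st.st_mode & 07777) == 0600;
    if (rfd >= 0) close(rfd);
    unlink(recovery); unlink(edited);
    return ok;                               /* 1 when the recovery file stayed 0600 */
}
```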
For Red Hat:
ftp://updates.redhat.com/5.2/alpha/joe-2.8-42.52.alpha.rpm
ftp://updates.redhat.com/5.2/sparc/joe-2.8-42.52.sparc.rpm
ftp://updates.redhat.com/5.2/i386/joe-2.8-42.52.i386.rpm
ftp://updates.redhat.com/5.2/SRPMS/joe-2.8-42.52.src.rpm
ftp://updates.redhat.com/6.0/sparc/joe-2.8-42.62.sparc.rpm
ftp://updates.redhat.com/6.0/i386/joe-2.8-42.62.i386.rpm
ftp://updates.redhat.com/6.0/alpha/joe-2.8-42.62.alpha.rpm
ftp://updates.redhat.com/6.0/SRPMS/joe-2.8-42.62.src.rpm
ftp://updates.redhat.com/6.1/alpha/joe-2.8-42.62.alpha.rpm
ftp://updates.redhat.com/6.1/sparc/joe-2.8-42.62.sparc.rpm
ftp://updates.redhat.com/6.1/i386/joe-2.8-42.62.i386.rpm
ftp://updates.redhat.com/6.1/SRPMS/joe-2.8-42.62.src.rpm
ftp://updates.redhat.com/6.2/alpha/joe-2.8-42.62.alpha.rpm
ftp://updates.redhat.com/6.2/sparc/joe-2.8-42.62.sparc.rpm
ftp://updates.redhat.com/6.2/i386/joe-2.8-42.62.i386.rpm
ftp://updates.redhat.com/6.2/SRPMS/joe-2.8-42.62.src.rpm
ftp://updates.redhat.com/7.0/i386/joe-2.8-43.i386.rpm
ftp://updates.redhat.com/7.0/SRPMS/joe-2.8-43.src.rpm
For Linux-Mandrake:
Linux-Mandrake 6.0: 6.0/RPMS/joe-2.8-21.3mdk.i586.rpm
                    6.0/SRPMS/joe-2.8-21.3mdk.src.rpm
Linux-Mandrake 6.1: 6.1/RPMS/joe-2.8-21.3mdk.i586.rpm
                    6.1/SRPMS/joe-2.8-21.3mdk.src.rpm
Linux-Mandrake 7.0: 7.0/RPMS/joe-2.8-21.3mdk.i586.rpm
                    7.0/SRPMS/joe-2.8-21.3mdk.src.rpm
Linux-Mandrake 7.1: 7.1/RPMS/joe-2.8-21.2mdk.i586.rpm
                    7.1/SRPMS/joe-2.8-21.2mdk.src.rpm
Linux-Mandrake 7.2: 7.2/RPMS/joe-2.8-21.1mdk.i586.rpm
                    7.2/SRPMS/joe-2.8-21.1mdk.src.rpm
For Debian:
http://security.debian.org/dists/stable/updates/main/source/joe_2.8-15.1.diff.gz
http://security.debian.org/dists/stable/updates/main/source/joe_2.8-15.1.dsc
http://security.debian.org/dists/stable/updates/main/source/joe_2.8.orig.tar.gz
http://security.debian.org/dists/stable/updates/main/binary-alpha/joe_2.8-15.1_alpha.deb
http://security.debian.org/dists/stable/updates/main/binary-arm/joe_2.8-15.1_arm.deb
http://security.debian.org/dists/stable/updates/main/binary-i386/joe_2.8-15.1_i386.deb
http://security.debian.org/dists/stable/updates/main/binary-m68k/joe_2.8-15.1_m68k.deb
http://security.debian.org/dists/stable/updates/main/binary-powerpc/joe_2.8-15.1_powerpc.deb
http://security.debian.org/dists/stable/updates/main/binary-sparc/joe_2.8-15.1_sparc.deb
For Immunix OS:
http://www.immunix.org:8080/ImmunixOS/6.2/updates/RPMS/joe-2.8-42.62_StackGuard.i386.rpm
http://www.immunix.org:8080/ImmunixOS/6.2/updates/SRPMS/joe-2.8-42.62_StackGuard.src.rpm
http://www.immunix.org:8080/ImmunixOS/7.0-beta/updates/RPMS/joe-2.8-43_StackGuard.i386.rpm
http://www.immunix.org:8080/ImmunixOS/7.0-beta/updates/SRPMS/joe-2.8-43_StackGuard.src.rpm
For Conectiva Linux:
ftp://atualizacoes.conectiva.com.br/4.0/SRPMS/joe-2.8-24cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.0/i386/joe-2.8-24cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/SRPMS/joe-2.8-24cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/i386/joe-2.8-24cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.1/SRPMS/joe-2.8-24cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.1/i386/joe-2.8-24cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/SRPMS/joe-2.8-24cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/joe-2.8-24cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/joe-2.8-24cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/joe-2.8-24cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/joe-2.8-24cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/joe-2.8-24cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/joe-2.8-24cl.src.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/joe-2.8-24cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/joe-2.8-24cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/joe-2.8-24cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/joe-2.8-24cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/joe-2.8-24cl.i386.rpm
For FreeBSD:
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/editors/joe-2.8_2.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/editors/joe-2.8_2.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/editors/joe-2.8_2.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/editors/joe-2.8_2.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/editors/joe-2.8_2.tgz