CVE-2000-1178
MEDIUMJoe - Symbolic Link Following in Rescue Copy Creation
Title source: llmDescription
Joe text editor follows symbolic links when creating a rescue copy called DEADJOE during an abnormal exit, which allows local users to overwrite the files of other users whose joe session crashes.
References (8)
Core 8
Core References
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=97500174210821&w=2
Broken Link vendor-advisory
x_refsource_mandrake
http://www.linux-mandrake.com/en/security/MDKSA-2000-072.php3
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/5546
Broken Link vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2000-110.html
Broken Link vendor-advisory
x_refsource_conectiva
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000356
Broken Link, Vendor Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-11/0227.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2000/20001201
Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/1959
Scores
CVSS v3
5.5
EPSS
0.0056
EPSS Percentile
42.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-59
Status
published
Products (1)
joseph_allen/joe
2.8
Published
Jan 09, 2001
Tracked Since
Feb 18, 2026