CVE-2001-0289

Joe text editor 2.8 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0289. PoCs published by Wkit Security.

AI-analyzed exploit summary This exploit leverages a vulnerability in the Joe text editor where a malicious .joerc file in a world-writable directory can execute arbitrary commands when the editor is launched. The PoC demonstrates a key binding that creates a SUID shell in /tmp, allowing privilege escalation.

Description

Joe text editor 2.8 searches the current working directory (CWD) for the .joerc configuration file, which could allow local users to gain privileges of other users by placing a Trojan Horse .joerc file into a directory, then waiting for users to execute joe from that directory.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Wkit Security · textlocalunix
https://www.exploit-db.com/exploits/20658

This exploit leverages a vulnerability in the Joe text editor where a malicious .joerc file in a world-writable directory can execute arbitrary commands when the editor is launched. The PoC demonstrates a key binding that creates a SUID shell in /tmp, allowing privilege escalation.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Joe text editor (versions prior to fix for CVE-2001-0289)
No auth needed
Prerequisites: Write access to a world-writable directory · Victim must launch Joe in the directory containing the malicious .joerc file
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2001-024.html
Patch, Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2001-02/0490.html
Patch, Vendor Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2001/dsa-041
Patch, Vendor Advisory vendor-advisory x_refsource_mandrake
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-026.php3

Scores

EPSS 0.0074
EPSS Percentile 50.4%

Details

Status published
Products (1)
joseph_allen/joe 2.8
Published May 03, 2001
Tracked Since Feb 18, 2026