CVE-2002-2334

Joe text editor 2.8 through 2.9.7 does not remove the group and user setuid bits for backup files, which could allow local users to execute arbitrary setuid and setgid root programs when root edits scripts owned by other users.

CVSS v2.0 3.6 LOW

3.6^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 3.9 / Impact : 4.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://online.securityfocus.com/archive/1/292138
http://www.iss.net/security_center/static/10125.php
http://www.securityfocus.com/bid/5732

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:joseph_allen:joe:2.8:::::::*
	cpe:2.3:a:joseph_allen:joe:2.9:::::::*
	cpe:2.3:a:joseph_allen:joe:2.9.1:::::::*
	cpe:2.3:a:joseph_allen:joe:2.9.2:::::::*
	cpe:2.3:a:joseph_allen:joe:2.9.4:::::::*
	cpe:2.3:a:joseph_allen:joe:2.9.5:::::::*
	cpe:2.3:a:joseph_allen:joe:2.9.6:::::::*
	cpe:2.3:a:joseph_allen:joe:2.9.7:::::::*

History

No history.

Information

Published : 2002-12-31 05:00

Updated : 2008-09-05 20:32

NVD link : CVE-2002-2334

Mitre link : CVE-2002-2334

CVE.ORG link : CVE-2002-2334

JSON object : View

Products Affected

joseph_allen

joe

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2002-2334", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2002-12-31T05:00:00.000", "references": [{"url": "http://online.securityfocus.com/archive/1/292138", "source": "cve@mitre.org"}, {"url": "http://www.iss.net/security_center/static/10125.php", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/5732", "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "Joe text editor 2.8 through 2.9.7 does not remove the group and user setuid bits for backup files, which could allow local users to execute arbitrary setuid and setgid root programs when root edits scripts owned by other users."}], "lastModified": "2008-09-05T20:32:57.240", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:joseph_allen:joe:2.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9894A324-ABBD-4FF4-8A51-D73381F40814"}, {"criteria": "cpe:2.3:a:joseph_allen:joe:2.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "878ED977-AFC5-4703-8B5C-71BC0F290EDD"}, {"criteria": "cpe:2.3:a:joseph_allen:joe:2.9.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B83FBD7-66F8-464D-9CD5-70E742527A68"}, {"criteria": "cpe:2.3:a:joseph_allen:joe:2.9.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A2C984D-A684-4941-BF31-E410DA90909A"}, {"criteria": "cpe:2.3:a:joseph_allen:joe:2.9.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5FC27B2F-4A6F-4802-842F-50B955E7E013"}, {"criteria": "cpe:2.3:a:joseph_allen:joe:2.9.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E82748C5-9506-4B50-A16F-FBB071F211E9"}, {"criteria": "cpe:2.3:a:joseph_allen:joe:2.9.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73778402-1488-47DE-8115-B45711ED61A2"}, {"criteria": "cpe:2.3:a:joseph_allen:joe:2.9.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49A961E3-ADA9-41E3-A081-E868AE38F281"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}