CVE-2002-2334

Sažetak

Joe text editor 2.8 through 2.9.7 does not remove the group and user setuid bits for backup files, which could allow local users to execute arbitrary setuid and setgid root programs when root edits scripts owned by other users.

Reference

http://online.securityfocus.com/archive/1/292138
http://www.iss.net/security_center/static/10125.php
http://www.securityfocus.com/bid/5732

CVSS

Base:	3.6
Impact:	4.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:L/AC:L/Au:N/C:P/I:P/A:N

Zadnje važnije ažuriranje

05-09-2008 - 20:32

Objavljeno

31-12-2002 - 05:00