LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 24, 2012

A uTouch architecture introduction

LWN.net Weekly Edition for May 17, 2012

Tasting the Ice Cream Sandwich

Highlights from the PostgreSQL 9.2 beta

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

nano: multiple vulnerabilities

Package(s):nano CVE #(s):CVE-2010-1160 CVE-2010-1161
Created:April 27, 2010 Updated:September 9, 2010
Description: From the Pardus advisory:

GNU nano before 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted attackers to overwrite arbitrary files via a symlink attack on an attacker-owned file that is being edited by the victim. (CVE-2010-1160)

Race condition in GNU nano before 2.2.4, when run by root to edit a file that is not owned by root, allows local user-assisted attackers to change the ownership of arbitrary files via vectors related to the creation of backup files. (CVE-2010-1161)

Alerts:
Fedora FEDORA-2010-13157 2010-08-20
Gentoo 201006-08 2010-06-01
Fedora FEDORA-2010-6776 2010-04-16
Fedora FEDORA-2010-6775 2010-04-16
Pardus 2010-58 2010-04-27
(Log in to post comments)

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds