|
|
Log in / Subscribe / Register

nano: multiple vulnerabilities

Package(s):nano CVE #(s):CVE-2010-1160 CVE-2010-1161
Created:April 27, 2010 Updated:September 9, 2010
Description: From the Pardus advisory:

GNU nano before 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted attackers to overwrite arbitrary files via a symlink attack on an attacker-owned file that is being edited by the victim. (CVE-2010-1160)

Race condition in GNU nano before 2.2.4, when run by root to edit a file that is not owned by root, allows local user-assisted attackers to change the ownership of arbitrary files via vectors related to the creation of backup files. (CVE-2010-1161)

Alerts:
Fedora FEDORA-2010-13157 nano 2010-08-20
Gentoo 201006-08 nano 2010-06-01
Fedora FEDORA-2010-6776 nano 2010-04-16
Fedora FEDORA-2010-6775 nano 2010-04-16
Pardus 2010-58 nano 2010-04-27
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds