QwikSec

Security Database

CVE

CWE

Training

CVE-2010-1160

Published: Apr 16, 2010

Modified: Aug 7, 2024

PUBLISHED

Description

GNU nano before 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted attackers to overwrite arbitrary files via a symlink attack on an attacker-owned file that is being edited by the victim.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[Nano-devel] 20100407 New prerelease for security tweaks

mailing-list

x_refsource_MLIST

http://svn.savannah.gnu.org/viewvc/trunk/nano/ChangeLog?revision=4503&root=nano&view=markup

x_refsource_CONFIRM

[oss-security] 20100414 CVE request: GNU nano (minor)

mailing-list

x_refsource_MLIST

vdb-entry

x_refsource_SECTRACK

http://drosenbe.blogspot.com/2010/03/nano-as-root.html

x_refsource_MISC

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.