CVE-2010-1160

Currently unrated

Key Information:

Vendor: Gnu
Status: Nano
Vendor: CVE Published:; 16 April 2010

Summary

GNU nano before 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted attackers to overwrite arbitrary files via a symlink attack on an attacker-owned file that is being edited by the victim.

References

http://lists.gnu.org/archive/html/nano-devel/2010-04/msg0...

mailing-listx_refsource_MLIST

http://svn.savannah.gnu.org/viewvc/trunk/nano/ChangeLog?r...

x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2010/04/14/4

mailing-listx_refsource_MLIST

Timeline

Vulnerability published
Apr 16, 2010
Vulnerability Reserved
Mar 29, 2010