Local File Overwrite Vulnerability in GNU Nano by GNU
CVE-2010-1160

Currently unrated

Key Information:

Vendor
Gnu
Status
Nano
Vendor
CVE Published:
16 April 2010

Summary

GNU Nano prior to version 2.2.4 fails to confirm whether a file has been altered before being overwritten during a file-save procedure. This flaw can be exploited by local user-assisted attackers to execute a symlink attack, permitting the malicious user to overwrite arbitrary files as the victim edits a file. Adequate security measures are essential to safeguard against such vulnerabilities to maintain system integrity.

References

http://lists.gnu.org/archive/html/nano-devel/2010-04/msg0...
mailing-listx_refsource_MLIST
http://svn.savannah.gnu.org/viewvc/trunk/nano/ChangeLog?r...
x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2010/04/14/4
mailing-listx_refsource_MLIST

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.