Race Condition Vulnerability in GNU Nano by GNU
CVE-2010-1161

Currently unrated

Key Information:

Vendor: Gnu
Status: Nano
Vendor: CVE Published:; 16 April 2010

Summary

The vulnerability in GNU Nano before version 2.2.4 occurs when the editor is run as root to edit files not owned by root, creating a race condition. This allows a local user-assisted attacker to exploit the situation and change the ownership of arbitrary files by manipulating the creation of backup files during the editing process. Ensuring proper usage and user permissions can help mitigate the risks associated with this vulnerability.

References

http://lists.gnu.org/archive/html/nano-devel/2010-04/msg0...

mailing-listx_refsource_MLIST

http://svn.savannah.gnu.org/viewvc/trunk/nano/ChangeLog?r...

x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2010/04/14/4

mailing-listx_refsource_MLIST

Timeline

Vulnerability published
Apr 16, 2010
Vulnerability Reserved
Mar 29, 2010