Published: 16/04/2010 Updated: 07/06/2010

CVSS v2 Base Score: 1.9 | Impact Score: 2.9 | Exploitability Score: 3.4

VMScore: 169

Vector: AV:L/AC:M/Au:N/C:N/I:P/A:N

GNU nano prior to 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted malicious users to overwrite arbitrary files via a symlink attack on an attacker-owned file that is being edited by the victim.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnu nano 2.1.6
gnu nano 2.1.5
gnu nano 2.1.4
gnu nano 2.1.3
gnu nano 2.0.0
gnu nano 1.9.99pre3
gnu nano 1.9.99pre2
gnu nano 1.9.99pre1
gnu nano 1.3.12
gnu nano 1.2.5
gnu nano 1.2.4
gnu nano 1.2.3
gnu nano 2.1.10
gnu nano 2.1.8
gnu nano 2.1.1
gnu nano 2.0.9
gnu nano 2.0.4
gnu nano 2.0.2
gnu nano 1.3.11
gnu nano 1.3.9
gnu nano 1.3.2
gnu nano 1.3.0
gnu nano 1.2.1
gnu nano 1.1.99pre3
gnu nano 1.1.8
gnu nano 1.1.6
gnu nano 1.0.9
gnu nano 1.0.7
gnu nano 1.0.2
gnu nano 1.0.0
gnu nano 0.9.99pre2
gnu nano 0.9.22
gnu nano 0.9.20
gnu nano 0.9.13
gnu nano 0.9.11
gnu nano 0.9.6
gnu nano 0.9.4
gnu nano 0.9.2
gnu nano 0.8.7
gnu nano 0.8.5
gnu nano 0.7.8
gnu nano 0.7.6
gnu nano 0.6.9
gnu nano 0.6.7
gnu nano 0.6.2
gnu nano 0.6.0
gnu nano
gnu nano 2.2.2
gnu nano 2.1.9
gnu nano 2.1.7
gnu nano 2.1.2
gnu nano 2.1.0
gnu nano 2.0.3
gnu nano 2.0.1
gnu nano 1.3.10
gnu nano 1.3.8
gnu nano 1.3.3
gnu nano 1.3.1
gnu nano 1.2.0
gnu nano 1.1.99pre2
gnu nano 1.1.7
gnu nano 1.1.5
gnu nano 1.1.0
gnu nano 1.0.8
gnu nano 1.0.1
gnu nano 0.9.99pre3
gnu nano 0.9.21
gnu nano 0.9.19
gnu nano 0.9.14
gnu nano 0.9.12
gnu nano 0.9.5
gnu nano 0.9.3
gnu nano 0.8.6
gnu nano 0.8.4
gnu nano 0.7.9
gnu nano 0.7.7
gnu nano 0.7.0
gnu nano 0.6.8
gnu nano 0.6.1
gnu nano 0.5.5
gnu nano 0.5.0
gnu nano 2.2.1
gnu nano 2.2.0
gnu nano 2.1.99pre2
gnu nano 2.1.99pre1
gnu nano 2.1.11
gnu nano 2.0.8
gnu nano 2.0.7
gnu nano 2.0.6
gnu nano 2.0.5
gnu nano 1.3.7
gnu nano 1.3.6
gnu nano 1.3.5
gnu nano 1.3.4
gnu nano 1.1.99pre1
gnu nano 1.1.12
gnu nano 1.1.11
gnu nano 1.1.10
gnu nano 1.1.9
gnu nano 1.0.6
gnu nano 1.0.5
gnu nano 1.0.4
gnu nano 1.0.3
gnu nano 0.9.18
gnu nano 0.9.17
gnu nano 0.9.16
gnu nano 0.9.15
gnu nano 0.9.1
gnu nano 0.9.0
gnu nano 0.8.9
gnu nano 0.8.8
gnu nano 0.7.5
gnu nano 0.7.4
gnu nano 0.7.3
gnu nano 0.7.2
gnu nano 0.7.1
gnu nano 0.5.4
gnu nano 0.5.3
gnu nano 0.5.2
gnu nano 0.5.1
gnu nano 1.2.2
gnu nano 1.1.4
gnu nano 1.1.3
gnu nano 1.1.2
gnu nano 1.1.1
gnu nano 0.9.99pre1
gnu nano 0.9.25
gnu nano 0.9.24
gnu nano 0.9.23
gnu nano 0.9.10
gnu nano 0.9.9
gnu nano 0.9.8
gnu nano 0.9.7
gnu nano 0.8.3
gnu nano 0.8.2
gnu nano 0.8.1
gnu nano 0.8.0
gnu nano 0.6.6
gnu nano 0.6.5
gnu nano 0.6.4
gnu nano 0.6.3

Debian Bug report logs - #577817 CVE-2010-1160, CVE-2010-1161: two security issues Package: nano; Maintainer for nano is Jordi Mallach <jordi@debianorg>; Source for nano is src:nano (PTS, buildd, popcon) Reported by: Florian Weimer <fw@denebenyode> Date: Wed, 14 Apr 2010 20:57:01 UTC Severity: normal Tags: secur ...

CWE-59 http://drosenbe.blogspot.com/2010/03/nano-as-root.html http://www.securitytracker.com/id?1023891 http://lists.gnu.org/archive/html/nano-devel/2010-04/msg00000.html http://svn.savannah.gnu.org/viewvc/trunk/nano/ChangeLog?revision=4503&root=nano&view=markup http://www.openwall.com/lists/oss-security/2010/04/14/4 http://secunia.com/advisories/39444 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577817 https://nvd.nist.gov

Get Started

CVE-2010-1160

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect