Published: 16/04/2010 Updated: 07/06/2010

CVSS v2 Base Score: 3.7 | Impact Score: 6.4 | Exploitability Score: 1.9

VMScore: 329

Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P

Race condition in GNU nano prior to 2.2.4, when run by root to edit a file that is not owned by root, allows local user-assisted malicious users to change the ownership of arbitrary files via vectors related to the creation of backup files.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnu nano 2.2.1
gnu nano 2.1.99pre2
gnu nano 2.1.8
gnu nano 2.1.6
gnu nano 2.0.9
gnu nano 2.0.7
gnu nano 2.0.2
gnu nano 2.0.0
gnu nano 1.9.99pre2
gnu nano 1.3.9
gnu nano 1.3.7
gnu nano 1.3.0
gnu nano 1.2.4
gnu nano 1.1.99pre1
gnu nano 1.1.11
gnu nano 1.1.6
gnu nano 1.1.4
gnu nano 1.0.7
gnu nano 1.0.5
gnu nano 0.9.99pre2
gnu nano 0.9.25
gnu nano 0.9.20
gnu nano 0.9.18
gnu nano 0.9.11
gnu nano 0.9.9
gnu nano 0.9.2
gnu nano 0.9.0
gnu nano 0.8.5
gnu nano 2.1.4
gnu nano 2.1.3
gnu nano 2.1.2
gnu nano 2.1.1
gnu nano 1.9.99pre1
gnu nano 1.3.12
gnu nano 1.3.11
gnu nano 1.3.10
gnu nano 1.2.3
gnu nano 1.2.2
gnu nano 1.2.1
gnu nano 1.2.0
gnu nano 1.1.99pre3
gnu nano 1.1.2
gnu nano 1.1.1
gnu nano 1.1.0
gnu nano 1.0.9
gnu nano 0.9.24
gnu nano 0.9.23
gnu nano 0.9.22
gnu nano 0.9.21
gnu nano 0.9.8
gnu nano 0.9.7
gnu nano 0.9.6
gnu nano 0.9.5
gnu nano 0.9.4
gnu nano 0.8.1
gnu nano 0.8.0
gnu nano 0.7.9
gnu nano 0.7.8
gnu nano 0.6.4
gnu nano 0.6.3
gnu nano 0.6.2
gnu nano 0.6.1
gnu nano 2.1.99pre1
gnu nano 2.1.11
gnu nano 2.1.10
gnu nano 2.1.9
gnu nano 2.0.6
gnu nano 2.0.5
gnu nano 2.0.4
gnu nano 2.0.3
gnu nano 1.3.5
gnu nano 1.3.4
gnu nano 1.3.3
gnu nano 1.3.2
gnu nano 1.1.10
gnu nano 1.1.9
gnu nano 1.1.8
gnu nano 1.1.7
gnu nano 1.0.4
gnu nano 1.0.3
gnu nano 1.0.2
gnu nano 1.0.1
gnu nano 1.0.0
gnu nano 0.9.16
gnu nano 0.9.15
gnu nano 0.9.14
gnu nano 0.9.13
gnu nano 0.8.9
gnu nano 0.8.8
gnu nano 0.8.7
gnu nano 0.8.6
gnu nano 0.7.2
gnu nano 0.7.1
gnu nano 0.7.0
gnu nano 0.6.9
gnu nano 0.5.2
gnu nano 0.5.1
gnu nano 0.5.0
gnu nano
gnu nano 0.8.3
gnu nano 0.7.6
gnu nano 0.7.4
gnu nano 0.6.7
gnu nano 0.6.5
gnu nano 0.6.0
gnu nano 0.5.4
gnu nano 2.2.2
gnu nano 2.2.0
gnu nano 2.1.7
gnu nano 2.1.5
gnu nano 2.1.0
gnu nano 2.0.8
gnu nano 2.0.1
gnu nano 1.9.99pre3
gnu nano 1.3.8
gnu nano 1.3.6
gnu nano 1.3.1
gnu nano 1.2.5
gnu nano 1.1.99pre2
gnu nano 1.1.12
gnu nano 1.1.5
gnu nano 1.1.3
gnu nano 1.0.8
gnu nano 1.0.6
gnu nano 0.9.99pre3
gnu nano 0.9.99pre1
gnu nano 0.9.19
gnu nano 0.9.17
gnu nano 0.9.12
gnu nano 0.9.10
gnu nano 0.9.3
gnu nano 0.9.1
gnu nano 0.8.4
gnu nano 0.8.2
gnu nano 0.7.7
gnu nano 0.7.5
gnu nano 0.7.3
gnu nano 0.6.8
gnu nano 0.6.6
gnu nano 0.5.5
gnu nano 0.5.3

Debian Bug report logs - #577817 CVE-2010-1160, CVE-2010-1161: two security issues Package: nano; Maintainer for nano is Jordi Mallach <jordi@debianorg>; Source for nano is src:nano (PTS, buildd, popcon) Reported by: Florian Weimer <fw@denebenyode> Date: Wed, 14 Apr 2010 20:57:01 UTC Severity: normal Tags: secur ...

CWE-362 http://secunia.com/advisories/39444 http://www.openwall.com/lists/oss-security/2010/04/14/4 http://lists.gnu.org/archive/html/nano-devel/2010-04/msg00000.html http://svn.savannah.gnu.org/viewvc/trunk/nano/ChangeLog?revision=4503&root=nano&view=markup http://www.securitytracker.com/id?1023891 http://drosenbe.blogspot.com/2010/03/nano-as-root.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577817 https://nvd.nist.gov

Get Started

CVE-2010-1161

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect