Search criteria
9 vulnerabilities found for nano by gnu
FKIE_CVE-2024-5742
Vulnerability from fkie_nvd - Published: 2024-06-12 09:15 - Updated: 2024-11-21 09:48
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Summary
A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnu | nano | * | |
| redhat | enterprise_linux | 6.0 | |
| redhat | enterprise_linux | 7.0 | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:nano:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBC6068D-F0AD-45F4-A051-622292FB64A2",
"versionEndExcluding": "8.0",
"versionStartIncluding": "2.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en GNU Nano que permite una posible escalada de privilegios a trav\u00e9s de un archivo temporal inseguro. Si Nano muere mientras edita, un archivo que guarda en un archivo de emergencia con los permisos del usuario que lo ejecuta brinda una ventana de oportunidad para que los atacantes aumenten los privilegios a trav\u00e9s de un enlace simb\u00f3lico malicioso."
}
],
"id": "CVE-2024-5742",
"lastModified": "2024-11-21T09:48:16.117",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2024-06-12T09:15:23.037",
"references": [
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2024:6986"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2024:9430"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-5742"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278574"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-5742"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278574"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00006.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
FKIE_CVE-2010-1160
Vulnerability from fkie_nvd - Published: 2010-04-16 19:30 - Updated: 2025-04-11 00:51
Severity ?
Summary
GNU nano before 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted attackers to overwrite arbitrary files via a symlink attack on an attacker-owned file that is being edited by the victim.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnu | nano | * | |
| gnu | nano | 0.5.0 | |
| gnu | nano | 0.5.1 | |
| gnu | nano | 0.5.2 | |
| gnu | nano | 0.5.3 | |
| gnu | nano | 0.5.4 | |
| gnu | nano | 0.5.5 | |
| gnu | nano | 0.6.0 | |
| gnu | nano | 0.6.1 | |
| gnu | nano | 0.6.2 | |
| gnu | nano | 0.6.3 | |
| gnu | nano | 0.6.4 | |
| gnu | nano | 0.6.5 | |
| gnu | nano | 0.6.6 | |
| gnu | nano | 0.6.7 | |
| gnu | nano | 0.6.8 | |
| gnu | nano | 0.6.9 | |
| gnu | nano | 0.7.0 | |
| gnu | nano | 0.7.1 | |
| gnu | nano | 0.7.2 | |
| gnu | nano | 0.7.3 | |
| gnu | nano | 0.7.4 | |
| gnu | nano | 0.7.5 | |
| gnu | nano | 0.7.6 | |
| gnu | nano | 0.7.7 | |
| gnu | nano | 0.7.8 | |
| gnu | nano | 0.7.9 | |
| gnu | nano | 0.8.0 | |
| gnu | nano | 0.8.1 | |
| gnu | nano | 0.8.2 | |
| gnu | nano | 0.8.3 | |
| gnu | nano | 0.8.4 | |
| gnu | nano | 0.8.5 | |
| gnu | nano | 0.8.6 | |
| gnu | nano | 0.8.7 | |
| gnu | nano | 0.8.8 | |
| gnu | nano | 0.8.9 | |
| gnu | nano | 0.9.0 | |
| gnu | nano | 0.9.1 | |
| gnu | nano | 0.9.2 | |
| gnu | nano | 0.9.3 | |
| gnu | nano | 0.9.4 | |
| gnu | nano | 0.9.5 | |
| gnu | nano | 0.9.6 | |
| gnu | nano | 0.9.7 | |
| gnu | nano | 0.9.8 | |
| gnu | nano | 0.9.9 | |
| gnu | nano | 0.9.10 | |
| gnu | nano | 0.9.11 | |
| gnu | nano | 0.9.12 | |
| gnu | nano | 0.9.13 | |
| gnu | nano | 0.9.14 | |
| gnu | nano | 0.9.15 | |
| gnu | nano | 0.9.16 | |
| gnu | nano | 0.9.17 | |
| gnu | nano | 0.9.18 | |
| gnu | nano | 0.9.19 | |
| gnu | nano | 0.9.20 | |
| gnu | nano | 0.9.21 | |
| gnu | nano | 0.9.22 | |
| gnu | nano | 0.9.23 | |
| gnu | nano | 0.9.24 | |
| gnu | nano | 0.9.25 | |
| gnu | nano | 0.9.99pre1 | |
| gnu | nano | 0.9.99pre2 | |
| gnu | nano | 0.9.99pre3 | |
| gnu | nano | 1.0.0 | |
| gnu | nano | 1.0.1 | |
| gnu | nano | 1.0.2 | |
| gnu | nano | 1.0.3 | |
| gnu | nano | 1.0.4 | |
| gnu | nano | 1.0.5 | |
| gnu | nano | 1.0.6 | |
| gnu | nano | 1.0.7 | |
| gnu | nano | 1.0.8 | |
| gnu | nano | 1.0.9 | |
| gnu | nano | 1.1.0 | |
| gnu | nano | 1.1.1 | |
| gnu | nano | 1.1.2 | |
| gnu | nano | 1.1.3 | |
| gnu | nano | 1.1.4 | |
| gnu | nano | 1.1.5 | |
| gnu | nano | 1.1.6 | |
| gnu | nano | 1.1.7 | |
| gnu | nano | 1.1.8 | |
| gnu | nano | 1.1.9 | |
| gnu | nano | 1.1.10 | |
| gnu | nano | 1.1.11 | |
| gnu | nano | 1.1.12 | |
| gnu | nano | 1.1.99pre1 | |
| gnu | nano | 1.1.99pre2 | |
| gnu | nano | 1.1.99pre3 | |
| gnu | nano | 1.2.0 | |
| gnu | nano | 1.2.1 | |
| gnu | nano | 1.2.2 | |
| gnu | nano | 1.2.3 | |
| gnu | nano | 1.2.4 | |
| gnu | nano | 1.2.5 | |
| gnu | nano | 1.3.0 | |
| gnu | nano | 1.3.1 | |
| gnu | nano | 1.3.2 | |
| gnu | nano | 1.3.3 | |
| gnu | nano | 1.3.4 | |
| gnu | nano | 1.3.5 | |
| gnu | nano | 1.3.6 | |
| gnu | nano | 1.3.7 | |
| gnu | nano | 1.3.8 | |
| gnu | nano | 1.3.9 | |
| gnu | nano | 1.3.10 | |
| gnu | nano | 1.3.11 | |
| gnu | nano | 1.3.12 | |
| gnu | nano | 1.9.99pre1 | |
| gnu | nano | 1.9.99pre2 | |
| gnu | nano | 1.9.99pre3 | |
| gnu | nano | 2.0.0 | |
| gnu | nano | 2.0.1 | |
| gnu | nano | 2.0.2 | |
| gnu | nano | 2.0.3 | |
| gnu | nano | 2.0.4 | |
| gnu | nano | 2.0.5 | |
| gnu | nano | 2.0.6 | |
| gnu | nano | 2.0.7 | |
| gnu | nano | 2.0.8 | |
| gnu | nano | 2.0.9 | |
| gnu | nano | 2.1.0 | |
| gnu | nano | 2.1.1 | |
| gnu | nano | 2.1.2 | |
| gnu | nano | 2.1.3 | |
| gnu | nano | 2.1.4 | |
| gnu | nano | 2.1.5 | |
| gnu | nano | 2.1.6 | |
| gnu | nano | 2.1.7 | |
| gnu | nano | 2.1.8 | |
| gnu | nano | 2.1.9 | |
| gnu | nano | 2.1.10 | |
| gnu | nano | 2.1.11 | |
| gnu | nano | 2.1.99pre1 | |
| gnu | nano | 2.1.99pre2 | |
| gnu | nano | 2.2.0 | |
| gnu | nano | 2.2.1 | |
| gnu | nano | 2.2.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:nano:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5B10FE0-0AEE-4091-A1F0-354B50412CA0",
"versionEndIncluding": "2.2.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2CAE7EE9-DEA7-480D-B527-44B7FA187547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "492C7264-F191-416F-9B76-701098E9ECDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F52B0085-8C5F-4FC9-88E5-4CDB78F3312D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6F9C0194-E91C-431F-8AC0-FE5B2829006C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC7B369-E15F-4417-9A09-AA7EA79B8468",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3A44F356-0816-4498-A2E8-333ED0AF99A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EB7E773E-1391-415E-BF1B-8ABCCC0B314F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26E50766-DAD4-4FD0-9D1E-5762B96C127B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "12D29C17-F2DE-4224-AA09-E8B268005260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "788E8155-7736-4137-8973-83BA61CFDAD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "668C9084-1602-4FD5-9068-15430E271EFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "983A0E75-1467-4A22-9A5E-F87FA96D0FB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "64318400-2254-4987-887C-36DF63412682",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EF9CD1A8-8CA9-48DD-B089-73E0086D289C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7313309E-C1A5-4D80-9304-2995363F647F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "97F78507-AE0B-44D3-84EC-2327F6B10458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "193D97E1-659F-4CEA-BABB-EB1C889F1F07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D37A3A00-B138-407E-9FC2-00F3716DAF3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "479B967C-6433-4A69-9417-F90D901DC2AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "98D22140-7F4A-49E9-800F-A3EC9E3A1A85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "134537FB-CCE2-4A00-B65D-A7187EBC13DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "348208D7-1134-4624-B34F-CFCCEBE3A094",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7CD993CD-DE0E-4011-B503-EC0872C3948B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E4A9B0B2-6384-4A2B-9D81-21F7EDA7EFE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "17467C9C-6924-4D01-8824-0028C1B8B02F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "25D99DC7-E490-41A5-B33C-C1D4682021B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3E48EBD5-7CCC-49DB-A186-8C4D87167B8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9DE8BF11-1CC7-4D57-A270-69FF0DE7A0E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4BD0609D-F396-484A-998E-9008F29FBB18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E815C49A-A371-4733-B4E1-332401886538",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "48764ED5-79AC-4AC6-8E24-BB2D3724061E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "AB96C5A3-3BA2-46D6-870B-320771430E58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "ADD99C18-D837-4536-A2DB-4E55CDC1D1D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "350D032C-14E5-4893-B24B-BBDE3EC148DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "16600857-8C83-4B51-8909-89F6DE67C955",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.8.9:*:*:*:*:*:*:*",
"matchCriteriaId": "49CB8772-C9AD-4A2C-B5DE-7D841834409B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "13AC34F4-3702-4EDB-8EC4-C6F002AD9DA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6CAC2D40-DAD7-42F7-8CA0-DFB677F01729",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "93FAB5B1-284A-4BF9-9AD5-8447B077B1E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "304DF414-31EB-4FCA-AEE6-0F32BAB332A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E7835C67-5FA5-4F62-BD96-F9A1CA0BC32E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "61FD3A61-39A0-446B-8B50-E94F1B036606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BC942DE0-1906-4AA8-85A2-6D2594BF06F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.9.7:*:*:*:*:*:*:*",
"matchCriteriaId": "39AA92B1-CBEE-4E8F-AC19-3C42966CF67F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A01EA657-A4C5-448D-A0BA-ECA413EE472B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.9.9:*:*:*:*:*:*:*",
"matchCriteriaId": "3283EA9C-8E06-4077-9304-9B3B830B59DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.9.10:*:*:*:*:*:*:*",
"matchCriteriaId": "47A3BC1B-6D8D-43CE-909A-C9932FD672D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.9.11:*:*:*:*:*:*:*",
"matchCriteriaId": "CFC8E41F-8AEF-4EA2-B3A2-F3CABE7AE5C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.9.12:*:*:*:*:*:*:*",
"matchCriteriaId": "8381447C-A92D-4D9D-A208-0C3073F3BDEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.9.13:*:*:*:*:*:*:*",
"matchCriteriaId": "7B6D54D1-4E24-45CF-B303-A1CBFF339842",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.9.14:*:*:*:*:*:*:*",
"matchCriteriaId": "5D38FA58-E510-4CC0-80FE-CF19B8336A69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.9.15:*:*:*:*:*:*:*",
"matchCriteriaId": "722D1833-F3F6-437D-BD70-ECAB4CAD85A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.9.16:*:*:*:*:*:*:*",
"matchCriteriaId": "CBE6062C-9ABC-4544-8BDE-FE242016E0A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.9.17:*:*:*:*:*:*:*",
"matchCriteriaId": "583A51DE-51AB-4777-A8DD-7922DFEFDE7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.9.18:*:*:*:*:*:*:*",
"matchCriteriaId": "3A47CB61-5CF0-41A7-B955-8F95CE6A2339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.9.19:*:*:*:*:*:*:*",
"matchCriteriaId": "2688B9DB-1DF5-4140-90BC-524E832AB51D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.9.20:*:*:*:*:*:*:*",
"matchCriteriaId": "85603BB9-12A7-4717-9C08-19EF5B52D799",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.9.21:*:*:*:*:*:*:*",
"matchCriteriaId": "B556F230-91E8-45F1-B69C-94618E6903F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.9.22:*:*:*:*:*:*:*",
"matchCriteriaId": "C6061D91-3966-4A28-8D33-1781A63F00CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.9.23:*:*:*:*:*:*:*",
"matchCriteriaId": "BDC403BF-07AB-426C-B2EA-300E6D18F514",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.9.24:*:*:*:*:*:*:*",
"matchCriteriaId": "0989010E-5350-4DEA-9689-A5D39216103E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.9.25:*:*:*:*:*:*:*",
"matchCriteriaId": "526EDB00-B327-4003-B964-2BAA2E634BEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.9.99pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "B3C548D9-D598-4C77-A49C-AFD45EA1F27D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.9.99pre2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E6BEB7B-C698-4EF0-90E5-5E7D1940C111",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.9.99pre3:*:*:*:*:*:*:*",
"matchCriteriaId": "10877ACD-C34D-48EB-AEFE-ABF050D24F88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B5D1A7A-E299-4751-A64A-431F7E94E717",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CB4AA124-B4B9-440F-B202-E0CEC9102394",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2BF45BF3-F4BB-4707-81D8-9510AC6B7F0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "68AA6BD3-0B9F-44BA-B475-06E3AB6405A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CD2CE86A-7B58-4665-B1B9-3AB9D97AFE9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "AC560F59-FC48-469F-92CD-2010D2D857EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "85F24774-D4B7-403F-881F-6F09C1E451F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "629595F9-D96C-40F3-A7C6-EAB4BB82251A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9067C91B-7894-4DD2-8957-3E91E8FBFA90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "95BD2E52-EF88-4DDE-B7FB-92C2AB5497C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "43097361-EC72-4FB3-BA24-1ACEF252236D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "462D01E1-6246-4075-B9A5-700E9BF682B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2BD81272-04D6-4754-8479-3970B8D08BE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3481E4F3-9452-4BF6-B5F2-7B9F516B8F06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "17FC653A-CF75-4A6E-A804-5B486F93D093",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B98274A8-75D6-4465-8E87-E7CF2D1A161E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AE1923B3-7DC8-4314-9C83-D5DE99661A51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E6596F13-B9A9-42AF-AB8A-A195D39871BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F00EF754-9E5F-4E38-841D-309189EAAA40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "479E5340-369A-4048-9995-5F2E41D22B1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2445E049-EEE9-41F5-A083-424A5AA74BA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "2976C189-F64C-475E-A3E7-F32C5CC0938F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "5D92E4A0-4F7F-4EE1-B651-313723CD3982",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.1.99pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "05347F20-8AE9-4D19-9040-03D5BB0D5BB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.1.99pre2:*:*:*:*:*:*:*",
"matchCriteriaId": "F00D4983-7FE4-420A-AC44-5AF038592D89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.1.99pre3:*:*:*:*:*:*:*",
"matchCriteriaId": "4E437D35-E51C-4DA5-93FE-A8D505A2966F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85DE004D-7B05-4E60-B782-22DB4FB0BF96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "11DEBBA8-97BB-42DA-8225-0CA09A0A3B0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0E8F7492-A521-4CAD-8A42-5D0B6B9D0B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "095D9677-171F-4BD8-8180-EC98FB1A1019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1E66B8F2-2171-47A7-A9BB-69253D9A7462",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "627526B0-350B-48B8-87A8-A230E62746F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "56F5E5B7-3E09-4FB5-897E-3C82131B7A47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DA276385-C2EC-4B63-879C-BC7407F3DF62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1C3949B7-7C07-48A1-8872-5639FBDAEF17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "485AB880-DDF6-4C51-B0F9-BB51FD051CEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4554F663-12FE-4874-810B-464E4CB6E467",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F171A6CB-721D-4A1A-958B-63736898F35E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EEF1CF52-5D00-4E5F-93BC-1842F023F510",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D805AC2C-573E-4B28-8BFA-A1284AEF6DFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "900FB233-CE85-4C92-92D2-25EDAA299429",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "7843E1A8-983A-4079-9419-E5CC4E87046A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "76683D07-F4FB-4DB8-9CE8-917DE31FF609",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "304D121C-B38B-44D3-B7D9-933229C5788D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "319ABF9F-2EBC-4CE3-A4FC-AD843F7B4371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.9.99pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "201735FB-50E8-4FE6-8F64-E656FEDA730D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.9.99pre2:*:*:*:*:*:*:*",
"matchCriteriaId": "D48F6D9A-2F33-478C-9543-BBC219720029",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.9.99pre3:*:*:*:*:*:*:*",
"matchCriteriaId": "CDA16F38-F9F7-48F4-ACD6-584F6FE3705C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "75C34ED0-8646-4EC7-A454-F3E67E3C3ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "08A0A8C3-862B-48D0-B24F-E6B9E50F1D59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "93A05F89-B948-423D-B9DA-6E7BE5C8C08F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "788B4B4F-5F06-4513-A191-12CE40AA6D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5B874744-E9A4-4200-A283-04979B84189C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FDCBC96F-0FFC-45D2-AA85-EED1E441BB52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4470D295-F0CF-4026-B09F-DDF2D0E1D597",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "19995087-2549-4E85-B4C9-66F3198822BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "32A6EEB9-94C6-4B07-9B53-DAB5E5E6BFDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9E3AB36D-DC87-4782-972C-13F0654C6562",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C387792-F9A2-45CA-B214-6E8FC7D3D1D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "50E745D0-4ABF-47EC-9F8A-FADC2F51FD7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "94DE1B89-E4C3-4D45-886B-BB17FBCF7339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "33D789DA-9448-4F9E-B26B-5F4A3DFBFABE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1F811A05-7039-4561-AD58-F4D8048AF8E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7E20AAE7-7B5E-4A62-AA5F-B5B685312E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "07381378-306D-4F57-A513-C6EC7EE57318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "AAC1BEE2-7649-475F-9087-4DAC64C04135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D1B040E6-90DD-4CE4-8BEE-E81A89EF63D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0EF54BA4-D4B1-4EDB-AE26-0E51E68BAA52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:2.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2839F928-E9C7-4A3E-BAFA-3E415C481961",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:2.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "4FCDFAEF-6B6C-4029-B127-3A5EF4C12536",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:2.1.99pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "6D5A7E31-CA6E-4AE6-A4E7-3F3CC3B6F0B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:2.1.99pre2:*:*:*:*:*:*:*",
"matchCriteriaId": "9776DC31-7720-4B2A-9134-1C3F2BD5B52A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3858BA68-831D-4C6B-8905-148A6113CE74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2DD9DDCE-1AEA-4EBB-B00D-49A869B919FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AF03EC98-FEB7-4C04-A830-84F7CECCA91B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GNU nano before 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted attackers to overwrite arbitrary files via a symlink attack on an attacker-owned file that is being edited by the victim."
},
{
"lang": "es",
"value": "GNU nano anterior v2.2.4 no verificansi un fichero hasido cambiado antes de ser sobreescrito en una operaci\u00f3n de salvado, lo que permite a atacantes locales asistidos por usuario escribir en archivos de su elecci\u00f3n a trav\u00e9s de un ataque de enlace simb\u00f3lico en un fichero propiedad del atacante que es editando por la v\u00edctima."
}
],
"id": "CVE-2010-1160",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-04-16T19:30:00.460",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://drosenbe.blogspot.com/2010/03/nano-as-root.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.gnu.org/archive/html/nano-devel/2010-04/msg00000.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39444"
},
{
"source": "secalert@redhat.com",
"url": "http://svn.savannah.gnu.org/viewvc/trunk/nano/ChangeLog?revision=4503\u0026root=nano\u0026view=markup"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2010/04/14/4"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id?1023891"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://drosenbe.blogspot.com/2010/03/nano-as-root.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.gnu.org/archive/html/nano-devel/2010-04/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39444"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://svn.savannah.gnu.org/viewvc/trunk/nano/ChangeLog?revision=4503\u0026root=nano\u0026view=markup"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2010/04/14/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1023891"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vendorComments": [
{
"comment": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2010-1160\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.",
"lastModified": "2010-04-16T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2010-1161
Vulnerability from fkie_nvd - Published: 2010-04-16 19:30 - Updated: 2025-04-11 00:51
Severity ?
Summary
Race condition in GNU nano before 2.2.4, when run by root to edit a file that is not owned by root, allows local user-assisted attackers to change the ownership of arbitrary files via vectors related to the creation of backup files.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnu | nano | * | |
| gnu | nano | 0.5.0 | |
| gnu | nano | 0.5.1 | |
| gnu | nano | 0.5.2 | |
| gnu | nano | 0.5.3 | |
| gnu | nano | 0.5.4 | |
| gnu | nano | 0.5.5 | |
| gnu | nano | 0.6.0 | |
| gnu | nano | 0.6.1 | |
| gnu | nano | 0.6.2 | |
| gnu | nano | 0.6.3 | |
| gnu | nano | 0.6.4 | |
| gnu | nano | 0.6.5 | |
| gnu | nano | 0.6.6 | |
| gnu | nano | 0.6.7 | |
| gnu | nano | 0.6.8 | |
| gnu | nano | 0.6.9 | |
| gnu | nano | 0.7.0 | |
| gnu | nano | 0.7.1 | |
| gnu | nano | 0.7.2 | |
| gnu | nano | 0.7.3 | |
| gnu | nano | 0.7.4 | |
| gnu | nano | 0.7.5 | |
| gnu | nano | 0.7.6 | |
| gnu | nano | 0.7.7 | |
| gnu | nano | 0.7.8 | |
| gnu | nano | 0.7.9 | |
| gnu | nano | 0.8.0 | |
| gnu | nano | 0.8.1 | |
| gnu | nano | 0.8.2 | |
| gnu | nano | 0.8.3 | |
| gnu | nano | 0.8.4 | |
| gnu | nano | 0.8.5 | |
| gnu | nano | 0.8.6 | |
| gnu | nano | 0.8.7 | |
| gnu | nano | 0.8.8 | |
| gnu | nano | 0.8.9 | |
| gnu | nano | 0.9.0 | |
| gnu | nano | 0.9.1 | |
| gnu | nano | 0.9.2 | |
| gnu | nano | 0.9.3 | |
| gnu | nano | 0.9.4 | |
| gnu | nano | 0.9.5 | |
| gnu | nano | 0.9.6 | |
| gnu | nano | 0.9.7 | |
| gnu | nano | 0.9.8 | |
| gnu | nano | 0.9.9 | |
| gnu | nano | 0.9.10 | |
| gnu | nano | 0.9.11 | |
| gnu | nano | 0.9.12 | |
| gnu | nano | 0.9.13 | |
| gnu | nano | 0.9.14 | |
| gnu | nano | 0.9.15 | |
| gnu | nano | 0.9.16 | |
| gnu | nano | 0.9.17 | |
| gnu | nano | 0.9.18 | |
| gnu | nano | 0.9.19 | |
| gnu | nano | 0.9.20 | |
| gnu | nano | 0.9.21 | |
| gnu | nano | 0.9.22 | |
| gnu | nano | 0.9.23 | |
| gnu | nano | 0.9.24 | |
| gnu | nano | 0.9.25 | |
| gnu | nano | 0.9.99pre1 | |
| gnu | nano | 0.9.99pre2 | |
| gnu | nano | 0.9.99pre3 | |
| gnu | nano | 1.0.0 | |
| gnu | nano | 1.0.1 | |
| gnu | nano | 1.0.2 | |
| gnu | nano | 1.0.3 | |
| gnu | nano | 1.0.4 | |
| gnu | nano | 1.0.5 | |
| gnu | nano | 1.0.6 | |
| gnu | nano | 1.0.7 | |
| gnu | nano | 1.0.8 | |
| gnu | nano | 1.0.9 | |
| gnu | nano | 1.1.0 | |
| gnu | nano | 1.1.1 | |
| gnu | nano | 1.1.2 | |
| gnu | nano | 1.1.3 | |
| gnu | nano | 1.1.4 | |
| gnu | nano | 1.1.5 | |
| gnu | nano | 1.1.6 | |
| gnu | nano | 1.1.7 | |
| gnu | nano | 1.1.8 | |
| gnu | nano | 1.1.9 | |
| gnu | nano | 1.1.10 | |
| gnu | nano | 1.1.11 | |
| gnu | nano | 1.1.12 | |
| gnu | nano | 1.1.99pre1 | |
| gnu | nano | 1.1.99pre2 | |
| gnu | nano | 1.1.99pre3 | |
| gnu | nano | 1.2.0 | |
| gnu | nano | 1.2.1 | |
| gnu | nano | 1.2.2 | |
| gnu | nano | 1.2.3 | |
| gnu | nano | 1.2.4 | |
| gnu | nano | 1.2.5 | |
| gnu | nano | 1.3.0 | |
| gnu | nano | 1.3.1 | |
| gnu | nano | 1.3.2 | |
| gnu | nano | 1.3.3 | |
| gnu | nano | 1.3.4 | |
| gnu | nano | 1.3.5 | |
| gnu | nano | 1.3.6 | |
| gnu | nano | 1.3.7 | |
| gnu | nano | 1.3.8 | |
| gnu | nano | 1.3.9 | |
| gnu | nano | 1.3.10 | |
| gnu | nano | 1.3.11 | |
| gnu | nano | 1.3.12 | |
| gnu | nano | 1.9.99pre1 | |
| gnu | nano | 1.9.99pre2 | |
| gnu | nano | 1.9.99pre3 | |
| gnu | nano | 2.0.0 | |
| gnu | nano | 2.0.1 | |
| gnu | nano | 2.0.2 | |
| gnu | nano | 2.0.3 | |
| gnu | nano | 2.0.4 | |
| gnu | nano | 2.0.5 | |
| gnu | nano | 2.0.6 | |
| gnu | nano | 2.0.7 | |
| gnu | nano | 2.0.8 | |
| gnu | nano | 2.0.9 | |
| gnu | nano | 2.1.0 | |
| gnu | nano | 2.1.1 | |
| gnu | nano | 2.1.2 | |
| gnu | nano | 2.1.3 | |
| gnu | nano | 2.1.4 | |
| gnu | nano | 2.1.5 | |
| gnu | nano | 2.1.6 | |
| gnu | nano | 2.1.7 | |
| gnu | nano | 2.1.8 | |
| gnu | nano | 2.1.9 | |
| gnu | nano | 2.1.10 | |
| gnu | nano | 2.1.11 | |
| gnu | nano | 2.1.99pre1 | |
| gnu | nano | 2.1.99pre2 | |
| gnu | nano | 2.2.0 | |
| gnu | nano | 2.2.1 | |
| gnu | nano | 2.2.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:nano:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5B10FE0-0AEE-4091-A1F0-354B50412CA0",
"versionEndIncluding": "2.2.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2CAE7EE9-DEA7-480D-B527-44B7FA187547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "492C7264-F191-416F-9B76-701098E9ECDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F52B0085-8C5F-4FC9-88E5-4CDB78F3312D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6F9C0194-E91C-431F-8AC0-FE5B2829006C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC7B369-E15F-4417-9A09-AA7EA79B8468",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3A44F356-0816-4498-A2E8-333ED0AF99A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EB7E773E-1391-415E-BF1B-8ABCCC0B314F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26E50766-DAD4-4FD0-9D1E-5762B96C127B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "12D29C17-F2DE-4224-AA09-E8B268005260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "788E8155-7736-4137-8973-83BA61CFDAD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "668C9084-1602-4FD5-9068-15430E271EFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "983A0E75-1467-4A22-9A5E-F87FA96D0FB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "64318400-2254-4987-887C-36DF63412682",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EF9CD1A8-8CA9-48DD-B089-73E0086D289C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7313309E-C1A5-4D80-9304-2995363F647F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "97F78507-AE0B-44D3-84EC-2327F6B10458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "193D97E1-659F-4CEA-BABB-EB1C889F1F07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D37A3A00-B138-407E-9FC2-00F3716DAF3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "479B967C-6433-4A69-9417-F90D901DC2AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "98D22140-7F4A-49E9-800F-A3EC9E3A1A85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "134537FB-CCE2-4A00-B65D-A7187EBC13DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "348208D7-1134-4624-B34F-CFCCEBE3A094",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7CD993CD-DE0E-4011-B503-EC0872C3948B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E4A9B0B2-6384-4A2B-9D81-21F7EDA7EFE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "17467C9C-6924-4D01-8824-0028C1B8B02F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "25D99DC7-E490-41A5-B33C-C1D4682021B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3E48EBD5-7CCC-49DB-A186-8C4D87167B8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9DE8BF11-1CC7-4D57-A270-69FF0DE7A0E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4BD0609D-F396-484A-998E-9008F29FBB18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E815C49A-A371-4733-B4E1-332401886538",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "48764ED5-79AC-4AC6-8E24-BB2D3724061E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "AB96C5A3-3BA2-46D6-870B-320771430E58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "ADD99C18-D837-4536-A2DB-4E55CDC1D1D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "350D032C-14E5-4893-B24B-BBDE3EC148DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "16600857-8C83-4B51-8909-89F6DE67C955",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.8.9:*:*:*:*:*:*:*",
"matchCriteriaId": "49CB8772-C9AD-4A2C-B5DE-7D841834409B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "13AC34F4-3702-4EDB-8EC4-C6F002AD9DA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6CAC2D40-DAD7-42F7-8CA0-DFB677F01729",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "93FAB5B1-284A-4BF9-9AD5-8447B077B1E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "304DF414-31EB-4FCA-AEE6-0F32BAB332A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E7835C67-5FA5-4F62-BD96-F9A1CA0BC32E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "61FD3A61-39A0-446B-8B50-E94F1B036606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BC942DE0-1906-4AA8-85A2-6D2594BF06F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.9.7:*:*:*:*:*:*:*",
"matchCriteriaId": "39AA92B1-CBEE-4E8F-AC19-3C42966CF67F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A01EA657-A4C5-448D-A0BA-ECA413EE472B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.9.9:*:*:*:*:*:*:*",
"matchCriteriaId": "3283EA9C-8E06-4077-9304-9B3B830B59DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.9.10:*:*:*:*:*:*:*",
"matchCriteriaId": "47A3BC1B-6D8D-43CE-909A-C9932FD672D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.9.11:*:*:*:*:*:*:*",
"matchCriteriaId": "CFC8E41F-8AEF-4EA2-B3A2-F3CABE7AE5C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.9.12:*:*:*:*:*:*:*",
"matchCriteriaId": "8381447C-A92D-4D9D-A208-0C3073F3BDEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.9.13:*:*:*:*:*:*:*",
"matchCriteriaId": "7B6D54D1-4E24-45CF-B303-A1CBFF339842",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.9.14:*:*:*:*:*:*:*",
"matchCriteriaId": "5D38FA58-E510-4CC0-80FE-CF19B8336A69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.9.15:*:*:*:*:*:*:*",
"matchCriteriaId": "722D1833-F3F6-437D-BD70-ECAB4CAD85A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.9.16:*:*:*:*:*:*:*",
"matchCriteriaId": "CBE6062C-9ABC-4544-8BDE-FE242016E0A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.9.17:*:*:*:*:*:*:*",
"matchCriteriaId": "583A51DE-51AB-4777-A8DD-7922DFEFDE7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.9.18:*:*:*:*:*:*:*",
"matchCriteriaId": "3A47CB61-5CF0-41A7-B955-8F95CE6A2339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.9.19:*:*:*:*:*:*:*",
"matchCriteriaId": "2688B9DB-1DF5-4140-90BC-524E832AB51D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.9.20:*:*:*:*:*:*:*",
"matchCriteriaId": "85603BB9-12A7-4717-9C08-19EF5B52D799",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.9.21:*:*:*:*:*:*:*",
"matchCriteriaId": "B556F230-91E8-45F1-B69C-94618E6903F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.9.22:*:*:*:*:*:*:*",
"matchCriteriaId": "C6061D91-3966-4A28-8D33-1781A63F00CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.9.23:*:*:*:*:*:*:*",
"matchCriteriaId": "BDC403BF-07AB-426C-B2EA-300E6D18F514",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.9.24:*:*:*:*:*:*:*",
"matchCriteriaId": "0989010E-5350-4DEA-9689-A5D39216103E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.9.25:*:*:*:*:*:*:*",
"matchCriteriaId": "526EDB00-B327-4003-B964-2BAA2E634BEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.9.99pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "B3C548D9-D598-4C77-A49C-AFD45EA1F27D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.9.99pre2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E6BEB7B-C698-4EF0-90E5-5E7D1940C111",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:0.9.99pre3:*:*:*:*:*:*:*",
"matchCriteriaId": "10877ACD-C34D-48EB-AEFE-ABF050D24F88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B5D1A7A-E299-4751-A64A-431F7E94E717",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CB4AA124-B4B9-440F-B202-E0CEC9102394",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2BF45BF3-F4BB-4707-81D8-9510AC6B7F0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "68AA6BD3-0B9F-44BA-B475-06E3AB6405A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CD2CE86A-7B58-4665-B1B9-3AB9D97AFE9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "AC560F59-FC48-469F-92CD-2010D2D857EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "85F24774-D4B7-403F-881F-6F09C1E451F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "629595F9-D96C-40F3-A7C6-EAB4BB82251A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9067C91B-7894-4DD2-8957-3E91E8FBFA90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "95BD2E52-EF88-4DDE-B7FB-92C2AB5497C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "43097361-EC72-4FB3-BA24-1ACEF252236D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "462D01E1-6246-4075-B9A5-700E9BF682B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2BD81272-04D6-4754-8479-3970B8D08BE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3481E4F3-9452-4BF6-B5F2-7B9F516B8F06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "17FC653A-CF75-4A6E-A804-5B486F93D093",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B98274A8-75D6-4465-8E87-E7CF2D1A161E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AE1923B3-7DC8-4314-9C83-D5DE99661A51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E6596F13-B9A9-42AF-AB8A-A195D39871BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F00EF754-9E5F-4E38-841D-309189EAAA40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "479E5340-369A-4048-9995-5F2E41D22B1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2445E049-EEE9-41F5-A083-424A5AA74BA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "2976C189-F64C-475E-A3E7-F32C5CC0938F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "5D92E4A0-4F7F-4EE1-B651-313723CD3982",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.1.99pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "05347F20-8AE9-4D19-9040-03D5BB0D5BB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.1.99pre2:*:*:*:*:*:*:*",
"matchCriteriaId": "F00D4983-7FE4-420A-AC44-5AF038592D89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.1.99pre3:*:*:*:*:*:*:*",
"matchCriteriaId": "4E437D35-E51C-4DA5-93FE-A8D505A2966F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85DE004D-7B05-4E60-B782-22DB4FB0BF96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "11DEBBA8-97BB-42DA-8225-0CA09A0A3B0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0E8F7492-A521-4CAD-8A42-5D0B6B9D0B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "095D9677-171F-4BD8-8180-EC98FB1A1019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1E66B8F2-2171-47A7-A9BB-69253D9A7462",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "627526B0-350B-48B8-87A8-A230E62746F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "56F5E5B7-3E09-4FB5-897E-3C82131B7A47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DA276385-C2EC-4B63-879C-BC7407F3DF62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1C3949B7-7C07-48A1-8872-5639FBDAEF17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "485AB880-DDF6-4C51-B0F9-BB51FD051CEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4554F663-12FE-4874-810B-464E4CB6E467",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F171A6CB-721D-4A1A-958B-63736898F35E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EEF1CF52-5D00-4E5F-93BC-1842F023F510",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D805AC2C-573E-4B28-8BFA-A1284AEF6DFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "900FB233-CE85-4C92-92D2-25EDAA299429",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "7843E1A8-983A-4079-9419-E5CC4E87046A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "76683D07-F4FB-4DB8-9CE8-917DE31FF609",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "304D121C-B38B-44D3-B7D9-933229C5788D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "319ABF9F-2EBC-4CE3-A4FC-AD843F7B4371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.9.99pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "201735FB-50E8-4FE6-8F64-E656FEDA730D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.9.99pre2:*:*:*:*:*:*:*",
"matchCriteriaId": "D48F6D9A-2F33-478C-9543-BBC219720029",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:1.9.99pre3:*:*:*:*:*:*:*",
"matchCriteriaId": "CDA16F38-F9F7-48F4-ACD6-584F6FE3705C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "75C34ED0-8646-4EC7-A454-F3E67E3C3ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "08A0A8C3-862B-48D0-B24F-E6B9E50F1D59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "93A05F89-B948-423D-B9DA-6E7BE5C8C08F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "788B4B4F-5F06-4513-A191-12CE40AA6D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5B874744-E9A4-4200-A283-04979B84189C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FDCBC96F-0FFC-45D2-AA85-EED1E441BB52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4470D295-F0CF-4026-B09F-DDF2D0E1D597",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "19995087-2549-4E85-B4C9-66F3198822BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "32A6EEB9-94C6-4B07-9B53-DAB5E5E6BFDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9E3AB36D-DC87-4782-972C-13F0654C6562",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C387792-F9A2-45CA-B214-6E8FC7D3D1D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "50E745D0-4ABF-47EC-9F8A-FADC2F51FD7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "94DE1B89-E4C3-4D45-886B-BB17FBCF7339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "33D789DA-9448-4F9E-B26B-5F4A3DFBFABE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1F811A05-7039-4561-AD58-F4D8048AF8E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7E20AAE7-7B5E-4A62-AA5F-B5B685312E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "07381378-306D-4F57-A513-C6EC7EE57318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "AAC1BEE2-7649-475F-9087-4DAC64C04135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D1B040E6-90DD-4CE4-8BEE-E81A89EF63D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0EF54BA4-D4B1-4EDB-AE26-0E51E68BAA52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:2.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2839F928-E9C7-4A3E-BAFA-3E415C481961",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:2.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "4FCDFAEF-6B6C-4029-B127-3A5EF4C12536",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:2.1.99pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "6D5A7E31-CA6E-4AE6-A4E7-3F3CC3B6F0B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:2.1.99pre2:*:*:*:*:*:*:*",
"matchCriteriaId": "9776DC31-7720-4B2A-9134-1C3F2BD5B52A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3858BA68-831D-4C6B-8905-148A6113CE74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2DD9DDCE-1AEA-4EBB-B00D-49A869B919FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:nano:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AF03EC98-FEB7-4C04-A830-84F7CECCA91B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Race condition in GNU nano before 2.2.4, when run by root to edit a file that is not owned by root, allows local user-assisted attackers to change the ownership of arbitrary files via vectors related to the creation of backup files."
},
{
"lang": "es",
"value": "Condici\u00f3n Race en GNU nano anterior v2.2.4, cuando se ejecuta como root edita un fichero que no es propiedad de root, permitiendo a atacantes locales asistidos por usuario cambiar el propietario de ficheros de su elecci\u00f3n a trav\u00e9s de vectores relacionados en la creaci\u00f3n de ficheros de backup. \r\n"
}
],
"id": "CVE-2010-1161",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.7,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 1.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-04-16T19:30:00.493",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://drosenbe.blogspot.com/2010/03/nano-as-root.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.gnu.org/archive/html/nano-devel/2010-04/msg00000.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39444"
},
{
"source": "secalert@redhat.com",
"url": "http://svn.savannah.gnu.org/viewvc/trunk/nano/ChangeLog?revision=4503\u0026root=nano\u0026view=markup"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2010/04/14/4"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id?1023891"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://drosenbe.blogspot.com/2010/03/nano-as-root.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.gnu.org/archive/html/nano-devel/2010-04/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39444"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://svn.savannah.gnu.org/viewvc/trunk/nano/ChangeLog?revision=4503\u0026root=nano\u0026view=markup"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2010/04/14/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1023891"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vendorComments": [
{
"comment": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2010-1161\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.",
"lastModified": "2010-04-16T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2024-5742 (GCVE-0-2024-5742)
Vulnerability from cvelistv5 – Published: 2024-06-12 08:53 – Updated: 2025-11-21 07:02
VLAI?
Title
Nano: running `chmod` and `chown` on the filename allows malicious user to replace the emergency file with a malicious symlink to a root-owned file
Summary
A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink.
Severity ?
6.7 (Medium)
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5742",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-07T20:27:39.384448Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-07T20:28:33.620Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:18:07.052Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-5742"
},
{
"name": "RHBZ#2278574",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278574"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://git.savannah.gnu.org/git/nano.git",
"defaultStatus": "affected",
"packageName": "nano"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::baseos"
],
"defaultStatus": "affected",
"packageName": "nano",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.9.8-3.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "nano",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.6.1-6.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "unaffected",
"packageName": "nano",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "nano",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "nano",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
}
],
"datePublic": "2024-04-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-21T07:02:53.182Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:6986",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:6986"
},
{
"name": "RHSA-2024:9430",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:9430"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-5742"
},
{
"name": "RHBZ#2278574",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278574"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-05-02T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-04-28T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Nano: running `chmod` and `chown` on the filename allows malicious user to replace the emergency file with a malicious symlink to a root-owned file",
"x_redhatCweChain": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-5742",
"datePublished": "2024-06-12T08:53:02.256Z",
"dateReserved": "2024-06-07T12:22:38.441Z",
"dateUpdated": "2025-11-21T07:02:53.182Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2010-1161 (GCVE-0-2010-1161)
Vulnerability from cvelistv5 – Published: 2010-04-16 19:00 – Updated: 2024-08-07 01:14
VLAI?
Summary
Race condition in GNU nano before 2.2.4, when run by root to edit a file that is not owned by root, allows local user-assisted attackers to change the ownership of arbitrary files via vectors related to the creation of backup files.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:14:06.641Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[Nano-devel] 20100407 New prerelease for security tweaks",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.gnu.org/archive/html/nano-devel/2010-04/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.savannah.gnu.org/viewvc/trunk/nano/ChangeLog?revision=4503\u0026root=nano\u0026view=markup"
},
{
"name": "[oss-security] 20100414 CVE request: GNU nano (minor)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/04/14/4"
},
{
"name": "1023891",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023891"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://drosenbe.blogspot.com/2010/03/nano-as-root.html"
},
{
"name": "39444",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39444"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Race condition in GNU nano before 2.2.4, when run by root to edit a file that is not owned by root, allows local user-assisted attackers to change the ownership of arbitrary files via vectors related to the creation of backup files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-04-16T19:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[Nano-devel] 20100407 New prerelease for security tweaks",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.gnu.org/archive/html/nano-devel/2010-04/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.savannah.gnu.org/viewvc/trunk/nano/ChangeLog?revision=4503\u0026root=nano\u0026view=markup"
},
{
"name": "[oss-security] 20100414 CVE request: GNU nano (minor)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/04/14/4"
},
{
"name": "1023891",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023891"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://drosenbe.blogspot.com/2010/03/nano-as-root.html"
},
{
"name": "39444",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39444"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-1161",
"datePublished": "2010-04-16T19:00:00Z",
"dateReserved": "2010-03-29T00:00:00Z",
"dateUpdated": "2024-08-07T01:14:06.641Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1160 (GCVE-0-2010-1160)
Vulnerability from cvelistv5 – Published: 2010-04-16 19:00 – Updated: 2024-08-07 01:14
VLAI?
Summary
GNU nano before 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted attackers to overwrite arbitrary files via a symlink attack on an attacker-owned file that is being edited by the victim.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:14:06.638Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[Nano-devel] 20100407 New prerelease for security tweaks",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.gnu.org/archive/html/nano-devel/2010-04/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.savannah.gnu.org/viewvc/trunk/nano/ChangeLog?revision=4503\u0026root=nano\u0026view=markup"
},
{
"name": "[oss-security] 20100414 CVE request: GNU nano (minor)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/04/14/4"
},
{
"name": "1023891",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023891"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://drosenbe.blogspot.com/2010/03/nano-as-root.html"
},
{
"name": "39444",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39444"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GNU nano before 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted attackers to overwrite arbitrary files via a symlink attack on an attacker-owned file that is being edited by the victim."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-04-16T19:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[Nano-devel] 20100407 New prerelease for security tweaks",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.gnu.org/archive/html/nano-devel/2010-04/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.savannah.gnu.org/viewvc/trunk/nano/ChangeLog?revision=4503\u0026root=nano\u0026view=markup"
},
{
"name": "[oss-security] 20100414 CVE request: GNU nano (minor)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/04/14/4"
},
{
"name": "1023891",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023891"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://drosenbe.blogspot.com/2010/03/nano-as-root.html"
},
{
"name": "39444",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39444"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-1160",
"datePublished": "2010-04-16T19:00:00Z",
"dateReserved": "2010-03-29T00:00:00Z",
"dateUpdated": "2024-08-07T01:14:06.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5742 (GCVE-0-2024-5742)
Vulnerability from nvd – Published: 2024-06-12 08:53 – Updated: 2025-11-21 07:02
VLAI?
Title
Nano: running `chmod` and `chown` on the filename allows malicious user to replace the emergency file with a malicious symlink to a root-owned file
Summary
A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink.
Severity ?
6.7 (Medium)
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5742",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-07T20:27:39.384448Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-07T20:28:33.620Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:18:07.052Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-5742"
},
{
"name": "RHBZ#2278574",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278574"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://git.savannah.gnu.org/git/nano.git",
"defaultStatus": "affected",
"packageName": "nano"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::baseos"
],
"defaultStatus": "affected",
"packageName": "nano",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.9.8-3.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "nano",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.6.1-6.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "unaffected",
"packageName": "nano",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "nano",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "nano",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
}
],
"datePublic": "2024-04-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-21T07:02:53.182Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:6986",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:6986"
},
{
"name": "RHSA-2024:9430",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:9430"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-5742"
},
{
"name": "RHBZ#2278574",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278574"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-05-02T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-04-28T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Nano: running `chmod` and `chown` on the filename allows malicious user to replace the emergency file with a malicious symlink to a root-owned file",
"x_redhatCweChain": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-5742",
"datePublished": "2024-06-12T08:53:02.256Z",
"dateReserved": "2024-06-07T12:22:38.441Z",
"dateUpdated": "2025-11-21T07:02:53.182Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2010-1161 (GCVE-0-2010-1161)
Vulnerability from nvd – Published: 2010-04-16 19:00 – Updated: 2024-08-07 01:14
VLAI?
Summary
Race condition in GNU nano before 2.2.4, when run by root to edit a file that is not owned by root, allows local user-assisted attackers to change the ownership of arbitrary files via vectors related to the creation of backup files.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:14:06.641Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[Nano-devel] 20100407 New prerelease for security tweaks",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.gnu.org/archive/html/nano-devel/2010-04/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.savannah.gnu.org/viewvc/trunk/nano/ChangeLog?revision=4503\u0026root=nano\u0026view=markup"
},
{
"name": "[oss-security] 20100414 CVE request: GNU nano (minor)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/04/14/4"
},
{
"name": "1023891",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023891"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://drosenbe.blogspot.com/2010/03/nano-as-root.html"
},
{
"name": "39444",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39444"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Race condition in GNU nano before 2.2.4, when run by root to edit a file that is not owned by root, allows local user-assisted attackers to change the ownership of arbitrary files via vectors related to the creation of backup files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-04-16T19:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[Nano-devel] 20100407 New prerelease for security tweaks",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.gnu.org/archive/html/nano-devel/2010-04/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.savannah.gnu.org/viewvc/trunk/nano/ChangeLog?revision=4503\u0026root=nano\u0026view=markup"
},
{
"name": "[oss-security] 20100414 CVE request: GNU nano (minor)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/04/14/4"
},
{
"name": "1023891",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023891"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://drosenbe.blogspot.com/2010/03/nano-as-root.html"
},
{
"name": "39444",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39444"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-1161",
"datePublished": "2010-04-16T19:00:00Z",
"dateReserved": "2010-03-29T00:00:00Z",
"dateUpdated": "2024-08-07T01:14:06.641Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1160 (GCVE-0-2010-1160)
Vulnerability from nvd – Published: 2010-04-16 19:00 – Updated: 2024-08-07 01:14
VLAI?
Summary
GNU nano before 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted attackers to overwrite arbitrary files via a symlink attack on an attacker-owned file that is being edited by the victim.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:14:06.638Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[Nano-devel] 20100407 New prerelease for security tweaks",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.gnu.org/archive/html/nano-devel/2010-04/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.savannah.gnu.org/viewvc/trunk/nano/ChangeLog?revision=4503\u0026root=nano\u0026view=markup"
},
{
"name": "[oss-security] 20100414 CVE request: GNU nano (minor)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/04/14/4"
},
{
"name": "1023891",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023891"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://drosenbe.blogspot.com/2010/03/nano-as-root.html"
},
{
"name": "39444",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39444"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GNU nano before 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted attackers to overwrite arbitrary files via a symlink attack on an attacker-owned file that is being edited by the victim."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-04-16T19:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[Nano-devel] 20100407 New prerelease for security tweaks",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.gnu.org/archive/html/nano-devel/2010-04/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.savannah.gnu.org/viewvc/trunk/nano/ChangeLog?revision=4503\u0026root=nano\u0026view=markup"
},
{
"name": "[oss-security] 20100414 CVE request: GNU nano (minor)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/04/14/4"
},
{
"name": "1023891",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023891"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://drosenbe.blogspot.com/2010/03/nano-as-root.html"
},
{
"name": "39444",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39444"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-1160",
"datePublished": "2010-04-16T19:00:00Z",
"dateReserved": "2010-03-29T00:00:00Z",
"dateUpdated": "2024-08-07T01:14:06.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}