Executive Summary

Information
Name : CVE-2010-1160
First vendor Publication : 2010-04-16
Vendor : Cve
Last vendor Modification : 2010-06-07

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:N/I:P/A:N)
Cvss Base Score : 1.9
Attack Range : Local
Cvss Impact Score : 2.9
Attack Complexity : Medium
Cvss Exploit Score : 3.4
Authentication : None Required

Detail

GNU nano before 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted attackers to overwrite arbitrary files via a symlink attack on an attacker-owned file that is being edited by the victim.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1160

CWE : Common Weakness Enumeration

id : CWE-59
Name : Improper Link Resolution Before File Access ('Link Following')

CPE : Common Platform Enumeration

TypeDescriptionCount
Application141

OpenVAS Exploits

Date : 2011-03-09
Name : Gentoo Security Advisory GLSA 201006-08 (nano)
File : nvt/glsa_201006_08.nasl

Date : 2010-09-10
Name : Fedora Update for nano FEDORA-2010-13157
File : nvt/gb_fedora_2010_13157_nano_fc12.nasl

Date : 2010-05-07
Name : Fedora Update for nano FEDORA-2010-6775
File : nvt/gb_fedora_2010_6775_nano_fc12.nasl

Date : 2010-05-07
Name : Fedora Update for nano FEDORA-2010-6776
File : nvt/gb_fedora_2010_6776_nano_fc11.nasl

Open Source Vulnerability Database (OSVDB)

id : 63872
Description : nano Changed File Symlink Privilege Escalation

Nessus® Vulnerability Scanner

Date : 2010-09-09
Name : The remote Fedora host is missing a security update.
File : fedora_2010-13157.nasl - Type : ACT_GATHER_INFO

Date : 2010-07-01
Name : The remote Fedora host is missing a security update.
File : fedora_2010-6735.nasl - Type : ACT_GATHER_INFO

Date : 2010-07-01
Name : The remote Fedora host is missing a security update.
File : fedora_2010-6775.nasl - Type : ACT_GATHER_INFO

Date : 2010-07-01
Name : The remote Fedora host is missing a security update.
File : fedora_2010-6776.nasl - Type : ACT_GATHER_INFO

Date : 2010-06-02
Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201006-08.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

CONFIRM : http://svn.savannah.gnu.org/viewvc/trunk/nano/ChangeLog?revision=4503&roo...
MISC : http://drosenbe.blogspot.com/2010/03/nano-as-root.html
MLIST : http://lists.gnu.org/archive/html/nano-devel/2010-04/msg00000.html
http://www.openwall.com/lists/oss-security/2010/04/14/4
SECTRACK : http://www.securitytracker.com/id?1023891
SECUNIA : http://secunia.com/advisories/39444

Alert History

Date : 2014-02-17 10:54:27
Information : Multiple Updates

Date : 2013-05-10 23:21:28
Information : Multiple Updates