Executive Summary

Information
Name: CVE-2010-1160
First vendor Publication: 2010-04-16
Vendor: Cve
Last vendor Modification: 2010-06-07

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:N/I:P/A:N)
Cvss Base Score: 1.9
Attack Range: Local
Cvss Impact Score: 2.9
Attack Complexity: Medium
Cvss Exploit Score: 3.4
Authentication: None Required

Detail

GNU nano before 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted attackers to overwrite arbitrary files via a symlink attack on an attacker-owned file that is being edited by the victim.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1160

CWE : Common Weakness Enumeration

id: CWE-59
Name: Improper Link Resolution Before File Access ('Link Following')

CPE : Common Platform Enumeration

TypeDescriptionCount
Application141

Open Source Vulnerability Database (OSVDB)

id: 63872
Description: nano Changed File Symlink Privilege Escalation

Internal Sources (Detail)

CONFIRM: http://svn.savannah.gnu.org/viewvc/trunk/nano/ChangeLog?revision=4503&roo...
MISC: http://drosenbe.blogspot.com/2010/03/nano-as-root.html
MLIST: http://lists.gnu.org/archive/html/nano-devel/2010-04/msg00000.html
MLIST: http://www.openwall.com/lists/oss-security/2010/04/14/4
SECTRACK: http://www.securitytracker.com/id?1023891
SECUNIA: http://secunia.com/advisories/39444

Alert History

Date: 2013-05-10 23:21:28
Information: Multiple Updates