This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Gnu First view 2010-04-16
Product Nano Last view 2010-04-16
Version 1.2.1 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:gnu:nano

Activity : Overall

Related : CVE

  Date Alert Description
3.7 2010-04-16 CVE-2010-1161

Race condition in GNU nano before 2.2.4, when run by root to edit a file that is not owned by root, allows local user-assisted attackers to change the ownership of arbitrary files via vectors related to the creation of backup files.

1.9 2010-04-16 CVE-2010-1160

GNU nano before 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted attackers to overwrite arbitrary files via a symlink attack on an attacker-owned file that is being edited by the victim.

CWE : Common Weakness Enumeration

%idName
50% (1) CWE-362 Race Condition
50% (1) CWE-59 Improper Link Resolution Before File Access ('Link Following')

Open Source Vulnerability Database (OSVDB)

id Description
63873 nano Backup File Creation Race Condition
63872 nano Changed File Symlink Privilege Escalation

OpenVAS Exploits

id Description
2011-03-09 Name : Gentoo Security Advisory GLSA 201006-08 (nano)
File : nvt/glsa_201006_08.nasl
2010-09-10 Name : Fedora Update for nano FEDORA-2010-13157
File : nvt/gb_fedora_2010_13157_nano_fc12.nasl
2010-05-07 Name : Fedora Update for nano FEDORA-2010-6775
File : nvt/gb_fedora_2010_6775_nano_fc12.nasl
2010-05-07 Name : Fedora Update for nano FEDORA-2010-6776
File : nvt/gb_fedora_2010_6776_nano_fc11.nasl

Nessus® Vulnerability Scanner

id Description
2010-09-09 Name: The remote Fedora host is missing a security update.
File: fedora_2010-13157.nasl - Type: ACT_GATHER_INFO
2010-07-01 Name: The remote Fedora host is missing a security update.
File: fedora_2010-6735.nasl - Type: ACT_GATHER_INFO
2010-07-01 Name: The remote Fedora host is missing a security update.
File: fedora_2010-6775.nasl - Type: ACT_GATHER_INFO
2010-07-01 Name: The remote Fedora host is missing a security update.
File: fedora_2010-6776.nasl - Type: ACT_GATHER_INFO
2010-06-02 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201006-08.nasl - Type: ACT_GATHER_INFO