Summary
Detail | |||
---|---|---|---|
Vendor | Gnu | First view | 2010-04-16 |
Product | Nano | Last view | 2010-04-16 |
Version | 1.1.99pre2 | Type | Application |
Update | * | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:a:gnu:nano |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
3.7 | 2010-04-16 | CVE-2010-1161 | Race condition in GNU nano before 2.2.4, when run by root to edit a file that is not owned by root, allows local user-assisted attackers to change the ownership of arbitrary files via vectors related to the creation of backup files. |
1.9 | 2010-04-16 | CVE-2010-1160 | GNU nano before 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted attackers to overwrite arbitrary files via a symlink attack on an attacker-owned file that is being edited by the victim. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
50% (1) | CWE-362 | Race Condition |
50% (1) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
63873 | nano Backup File Creation Race Condition |
63872 | nano Changed File Symlink Privilege Escalation |
OpenVAS Exploits
id | Description |
---|---|
2011-03-09 | Name : Gentoo Security Advisory GLSA 201006-08 (nano) File : nvt/glsa_201006_08.nasl |
2010-09-10 | Name : Fedora Update for nano FEDORA-2010-13157 File : nvt/gb_fedora_2010_13157_nano_fc12.nasl |
2010-05-07 | Name : Fedora Update for nano FEDORA-2010-6775 File : nvt/gb_fedora_2010_6775_nano_fc12.nasl |
2010-05-07 | Name : Fedora Update for nano FEDORA-2010-6776 File : nvt/gb_fedora_2010_6776_nano_fc11.nasl |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2010-09-09 | Name: The remote Fedora host is missing a security update. File: fedora_2010-13157.nasl - Type: ACT_GATHER_INFO |
2010-07-01 | Name: The remote Fedora host is missing a security update. File: fedora_2010-6735.nasl - Type: ACT_GATHER_INFO |
2010-07-01 | Name: The remote Fedora host is missing a security update. File: fedora_2010-6775.nasl - Type: ACT_GATHER_INFO |
2010-07-01 | Name: The remote Fedora host is missing a security update. File: fedora_2010-6776.nasl - Type: ACT_GATHER_INFO |
2010-06-02 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201006-08.nasl - Type: ACT_GATHER_INFO |