This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Detail | |||
|---|---|---|---|
| Vendor | Gnu | First view | 2010-04-16 |
| Product | Nano | Last view | 2010-04-16 |
| Version | 1.1.99pre2 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:gnu:nano | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 3.7 | 2010-04-16 | CVE-2010-1161 | Race condition in GNU nano before 2.2.4, when run by root to edit a file that is not owned by root, allows local user-assisted attackers to change the ownership of arbitrary files via vectors related to the creation of backup files. |
| 1.9 | 2010-04-16 | CVE-2010-1160 | GNU nano before 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted attackers to overwrite arbitrary files via a symlink attack on an attacker-owned file that is being edited by the victim. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 50% (1) | CWE-362 | Race Condition |
| 50% (1) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 63873 | nano Backup File Creation Race Condition |
| 63872 | nano Changed File Symlink Privilege Escalation |
OpenVAS Exploits
| id | Description |
|---|---|
| 2011-03-09 | Name : Gentoo Security Advisory GLSA 201006-08 (nano) File : nvt/glsa_201006_08.nasl |
| 2010-09-10 | Name : Fedora Update for nano FEDORA-2010-13157 File : nvt/gb_fedora_2010_13157_nano_fc12.nasl |
| 2010-05-07 | Name : Fedora Update for nano FEDORA-2010-6775 File : nvt/gb_fedora_2010_6775_nano_fc12.nasl |
| 2010-05-07 | Name : Fedora Update for nano FEDORA-2010-6776 File : nvt/gb_fedora_2010_6776_nano_fc11.nasl |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2010-09-09 | Name: The remote Fedora host is missing a security update. File: fedora_2010-13157.nasl - Type: ACT_GATHER_INFO |
| 2010-07-01 | Name: The remote Fedora host is missing a security update. File: fedora_2010-6735.nasl - Type: ACT_GATHER_INFO |
| 2010-07-01 | Name: The remote Fedora host is missing a security update. File: fedora_2010-6775.nasl - Type: ACT_GATHER_INFO |
| 2010-07-01 | Name: The remote Fedora host is missing a security update. File: fedora_2010-6776.nasl - Type: ACT_GATHER_INFO |
| 2010-06-02 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201006-08.nasl - Type: ACT_GATHER_INFO |
