Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2010-1160

Опубликовано: 02 апр. 2010
Источник: redhat
CVSS2: 3.6

Описание

GNU nano before 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted attackers to overwrite arbitrary files via a symlink attack on an attacker-owned file that is being edited by the victim.

Отчет

This issue was corrected in Red Hat Enterprise Linux 6 prior to its initial release. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates for this or earlier releases. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 3nanoWill not fix
Red Hat Enterprise Linux 4nanoWill not fix
Red Hat Enterprise Linux 5nanoWill not fix
Red Hat Enterprise Linux 6nanoAffected

Показывать по

Дополнительная информация

Статус:

Low
https://bugzilla.redhat.com/show_bug.cgi?id=582434nano: multiple file editing insecurities

3.6 Low

CVSS2

Связанные уязвимости

ubuntu
почти 16 лет назад

GNU nano before 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted attackers to overwrite arbitrary files via a symlink attack on an attacker-owned file that is being edited by the victim.

nvd
почти 16 лет назад

GNU nano before 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted attackers to overwrite arbitrary files via a symlink attack on an attacker-owned file that is being edited by the victim.

debian
почти 16 лет назад

GNU nano before 2.2.4 does not verify whether a file has been changed ...

github
почти 4 года назад

GNU nano before 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted attackers to overwrite arbitrary files via a symlink attack on an attacker-owned file that is being edited by the victim.

3.6 Low

CVSS2