Описание
A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink.
Отчет
For an attack to be successful, an attacker must be able to kill the Nano session of another user, hence this issue was rated as a Low severity issue.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | nano | Not affected | ||
| Red Hat Enterprise Linux 6 | nano | Out of support scope | ||
| Red Hat Enterprise Linux 7 | nano | Out of support scope | ||
| Red Hat Enterprise Linux 8 | nano | Fixed | RHSA-2024:6986 | 24.09.2024 |
| Red Hat Enterprise Linux 9 | nano | Fixed | RHSA-2024:9430 | 12.11.2024 |
Показывать по
Дополнительная информация
Статус:
EPSS
6.7 Medium
CVSS3
Связанные уязвимости
A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink.
A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink.
A vulnerability was found in GNU Nano that allows a possible privilege ...
EPSS
6.7 Medium
CVSS3