Computer Security
[EN] securityvulns.ru
no-pyccku

  

nano editor symbolic links vulnerability
Published:02.06.2010
Source:BUGTRAQ
SecurityVulns ID:10892
Type:local
Level:5/10
Description:Race conditions during temporary files creation.
Affected:NANO : nano 2.2
CVE:CVE-2010-1161 (Race condition in GNU nano before 2.2.4, when run by root to edit a file that is not owned by root, allows local user-assisted attackers to change the ownership of arbitrary files via vectors related to the creation of backup files.)
 CVE-2010-1160 (GNU nano before 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted attackers to overwrite arbitrary files via a symlink attack on an attacker-owned file that is being edited by the victim.)
Original documentdocumentGENTOO, [ GLSA 201006-08 ] nano: Multiple vulnerabilities (02.06.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 



Rating@Mail.ru