Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2010-1160

GNU nano before 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted attackers to overwrite arbitrary files via a symlink attack on an attacker-owned file that is being edited by the victim.

Related bugs and status

CVE-2010-1160 (Candidate) is related to these bugs:

Bug #564734: Nano security update: 2.2.4

Summary				In	Importance	Status
	564734	Nano security update: 2.2.4		nano (Ubuntu)	Low	Fix Released
	564734	Nano security update: 2.2.4		nano (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://drosenbe.blogsp...
MISC: http://www.securitytra...
MISC: http://secunia.com/adv...
MISC: http://lists.gnu.org/a...
MISC: http://www.openwall.co...
MISC: http://svn.savannah.gn...