Vulnerability in Gnu Nano

CVE-2010-1160

GNU nano before 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted attackers to overwrite arbitrary files via a symlink attack on an attacker-owned file…

EPSS: 0.000 (14.0th percentile) — read the EPSS interpretation.

Affected products

Gnu Nano — versions 1.9.99pre1, 0.8.1, 1.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-59 — Improper Link Resolution Before File Access

References

secalert@redhat.com (x_refsource_MISC)
[Nano-devel] 20100407 New prerelease for security tweaks (mailing-list, x_refsource_MLIST)
39444 (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
secalert@redhat.com (x_refsource_CONFIRM)
[oss-security] 20100414 CVE request: GNU nano (minor) (mailing-list, x_refsource_MLIST)
1023891 (vdb-entry, x_refsource_SECTRACK)