Vulnerability in Gnu Nano

CVE-2010-1161

Race condition in GNU nano before 2.2.4, when run by root to edit a file that is not owned by root, allows local user-assisted attackers to change the ownership of arbitrary files via vectors related to the creation of backup files.

Vulnerability class: Race Condition

EPSS: 0.001 (23.5th percentile) — read the EPSS interpretation.

Affected products

Gnu Nano — versions 1.9.99pre1, 0.8.1, 1.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-362 — Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)

References

secalert@redhat.com (x_refsource_MISC)
[Nano-devel] 20100407 New prerelease for security tweaks (mailing-list, x_refsource_MLIST)
39444 (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
secalert@redhat.com (x_refsource_CONFIRM)
[oss-security] 20100414 CVE request: GNU nano (minor) (mailing-list, x_refsource_MLIST)
1023891 (vdb-entry, x_refsource_SECTRACK)