GLSA Advocate
Posted: Tue Jun 01, 2010 11:26 pm Post subject: [ GLSA 201006-08 ] nano: Multiple vulnerabilities
Gentoo Linux Security Advisory
Title: nano: Multiple vulnerabilities (GLSA 201006-08)
Severity: normal
Exploitable: local
Date: June 01, 2010
Bug(s): #315355
ID: 201006-08
Synopsis
Race conditions when editing files could lead to symlink attacks or changes
of ownership of important files.
Background
nano is a GNU GPL'd Pico clone with more functionality.
Affected Packages
Package: app-editors/nano
Vulnerable: < 2.2.4
Unaffected: >= 2.2.4
Architectures: All supported architectures
Description
Multiple race condition vulnerabilities have been discovered in nano.
For further information please consult the CVE entries referenced
below.
Impact
Under certain conditions, a local, user-assisted attacker could
possibly overwrite arbitrary files via a symlink attack on an
attacker-owned file that is being edited by the victim, or change the
ownership of arbitrary files.
Workaround
There is no known workaround at this time.
Resolution
All nano users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-editors/nano-2.2.4"
References
CVE-2010-1160
CVE-2010-1161