GNU nano before 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted attackers to overwrite arbitrary files via a symlink attack on an attacker-owned file that is being edited by the victim.
No CVSS v3.1
No CVSS v3.0
Access Vector Local
Access Complexity Medium
Authentication None
Confidentiality Impact None
Integrity Impact Partial
Availability Impact None
AV:L/AC:M/Au:N/C:N/I:P/A:N
Vendors | Products |
---|---|
Gnu |
|
Configuration 1 [-]
|
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2010-04-16T19:00:00Z
Updated: 2010-04-16T19:00:00Z
Reserved: 2010-03-29T00:00:00Z
Link: CVE-2010-1160
JSON object: View
NVD Information
Status : Analyzed
Published: 2010-04-16T19:30:00.460
Modified: 2010-06-07T04:00:00.000
Link: CVE-2010-1160
JSON object: View
Redhat Information
No data.
CWE