GNU nano Multiple Local Privilege Escalation Vulnerabilities
BID:39502
Info
GNU nano Multiple Local Privilege Escalation Vulnerabilities
| Bugtraq ID: | 39502 |
| Class: | Design Error |
| CVE: |
CVE-2010-1160 CVE-2010-1161 |
| Remote: | No |
| Local: | Yes |
| Published: | Mar 27 2010 12:00AM |
| Updated: | Apr 16 2015 05:50PM |
| Credit: | Dan Rosenberg |
| Vulnerable: |
Pardus Linux 2009 0 GNU nano 2.2.3 Gentoo Linux |
| Not Vulnerable: |
GNU nano 2.2.4 |
Discussion
GNU nano Multiple Local Privilege Escalation Vulnerabilities
GNU nano is prone to multiple local privilege-escalation vulnerabilities because it writes to files in an unsafe fashion.
Local attackers can exploit these issues by enticing a privileged user to edit an attacker-controlled file. Successful attacks will allow the attacker to gain elevated privileges.
Versions prior to nano 2.2.4 are vulnerable.
GNU nano is prone to multiple local privilege-escalation vulnerabilities because it writes to files in an unsafe fashion.
Local attackers can exploit these issues by enticing a privileged user to edit an attacker-controlled file. Successful attacks will allow the attacker to gain elevated privileges.
Versions prior to nano 2.2.4 are vulnerable.
Exploit / POC
GNU nano Multiple Local Privilege Escalation Vulnerabilities
An attacker uses readily available commands to exploit the issue.
An attacker uses readily available commands to exploit the issue.
Solution / Fix
GNU nano Multiple Local Privilege Escalation Vulnerabilities
Solution:
Updates are available. Please see the references for more information.
GNU nano 2.2.3
Solution:
Updates are available. Please see the references for more information.
GNU nano 2.2.3
-
GNU nano-2.2.4.tar.gz
http://ftp.gnu.org/gnu/nano/nano-2.2.4.tar.gz
References
GNU nano Multiple Local Privilege Escalation Vulnerabilities
References:
References:
- [Nano-devel] GNU nano 2.2.4 (Chris Allegretta)
- Exploiting nano (Dan Rosenberg)
- GNU nano Homepage (GNU)