CVE-2010-1161

CWE-362 — Race Condition9 documents7 sources

Severity

3.7LOW

EPSS

0.1%

top 76.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Nano

Timeline

PublishedApr 16

Latest updateMay 2

Description

Race condition in GNU nano before 2.2.4, when run by root to edit a file that is not owned by root, allows local user-assisted attackers to change the ownership of arbitrary files via vectors related to the creation of backup files.

CVSS vector

AV:L/AC:H/C:P/I:P/A:PExploitability: 1.9 | Impact: 6.4

Affected Packages2 packages

▶Debiannano< 2.2.4-1+3

▶NVDgnu/nano2.2.3+140

🔴Vulnerability Details

GHSA

GHSA-q9pv-rh5p-8836: Race condition in GNU nano before 2↗2022-05-02

▶

OSV

CVE-2010-1161: Race condition in GNU nano before 2↗2010-04-16

▶

CVEList

CVE-2010-1161: Race condition in GNU nano before 2↗2010-04-16

▶

📋Vendor Advisories

Red Hat

nano: multiple file editing insecurities↗2010-04-02

▶

Debian

CVE-2010-1161: nano - Race condition in GNU nano before 2.2.4, when run by root to edit a file that is...↗2010

▶

💬Community

Bugzilla

CVE-2010-1160, CVE-2010-1161 nano: multiple file editing insecurities [fedora-all]↗2010-04-15

▶

Bugzilla

CVE-2010-1160 CVE-2010-1161 nano: multiple file editing insecurities↗2010-04-14

▶

Bugzilla

CVE-2010-1028 firefox: unspecified code execution vulnerability (VulnDisco 9.0)↗2010-02-18

▶