Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 315355 - <app-editors/nano-2.2.4 multiple vulnerabilities (CVE-2010-{1160,1161})
Summary: <app-editors/nano-2.2.4 multiple vulnerabilities (CVE-2010-{1160,1161})
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL: http://svn.savannah.gnu.org/viewvc/tr...
Whiteboard: A3 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2010-04-14 22:47 UTC by Tomás Touceda (RETIRED)
Modified: 2010-06-02 21:26 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Tomás Touceda (RETIRED) gentoo-dev 2010-04-14 22:47:23 UTC
CVE-2010-1160:
When editing a file owned by another user, the owner of the file may
replace the file mid-editing with a symbolic link, resulting in the
editor overwriting the target of the symbolic link on saving with the
privileges of the user doing the editing, without any warning to the
editor.

CVE-2010-1161:
When backup files are enabled and root is editing a file by an
untrusted user, that user may exploit race conditions in the creation of
backup files to take ownership of arbitrary files.

Relevant changelog entries at revisions 4490, 4491, 4493, and 4496.
Comment 1 SpanKY gentoo-dev 2010-04-16 03:44:41 UTC
it's in the tree now
Comment 2 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2010-04-22 17:40:04 UTC
CVE-2010-1160 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1160):
  GNU nano before 2.2.4 does not verify whether a file has been changed
  before it is overwritten in a file-save operation, which allows local
  user-assisted attackers to overwrite arbitrary files via a symlink
  attack on an attacker-owned file that is being edited by the victim.

CVE-2010-1161 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1161):
  Race condition in GNU nano before 2.2.4, when run by root to edit a
  file that is not owned by root, allows local user-assisted attackers
  to change the ownership of arbitrary files via vectors related to the
  creation of backup files.

Comment 3 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2010-04-22 17:43:54 UTC
Arches, please test and mark stable:
=app-editors/nano-2.2.4
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
Comment 4 Thomas Kahle (RETIRED) gentoo-dev 2010-04-22 18:20:01 UTC
Tested on x86: Everything fine
Comment 5 Christian Faulhammer (RETIRED) gentoo-dev 2010-04-23 09:41:23 UTC
stable x86, thanks Thomas
Comment 6 Jeroen Roovers gentoo-dev 2010-04-23 14:36:08 UTC
Stable for HPPA.
Comment 7 Raúl Porcel (RETIRED) gentoo-dev 2010-04-23 19:43:03 UTC
alpha/arm/ia64/m68k/s390/sh/sparc stable
Comment 8 Markus Meier gentoo-dev 2010-04-26 19:01:58 UTC
amd64 stable
Comment 9 Brent Baude (RETIRED) gentoo-dev 2010-04-30 14:07:02 UTC
ppc done
Comment 10 Brent Baude (RETIRED) gentoo-dev 2010-04-30 14:07:54 UTC
ppc64 done too
Comment 11 Tomás Touceda (RETIRED) gentoo-dev 2010-04-30 14:23:13 UTC
All arches done. GLSA request filled.
Comment 12 Honza 2010-05-09 17:02:17 UTC
Can I ask what's with that glsa ?
Comment 13 Tobias Heinlein (RETIRED) gentoo-dev 2010-05-09 17:07:27 UTC
(In reply to comment #12)
> Can I ask what's with that glsa ?

We have a huge backlog and it will take some time.
Comment 14 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2010-06-02 21:26:01 UTC
GLSA 201006-08