Race conditions when editing files could lead to symlink attacks or changes of ownerships of important files.
Package | app-editors/nano on all architectures |
---|---|
Affected versions | < 2.2.4 |
Unaffected versions | >= 2.2.4 |
nano is a GNU GPL'd Pico clone with more functionality.
Multiple race condition vulnerabilities have been discovered in nano. For further information please consult the CVE entries referenced below.
Under certain conditions, a local, user-assisted attacker could possibly overwrite arbitrary files via a symlink attack on an attacker-owned file that is being edited by the victim, or change the ownership of arbitrary files.
There is no known workaround at this time.
All nano users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/nano-2.2.4"
Release date
June 01, 2010
Latest revision
June 01, 2010: 01
Severity
normal
Exploitable
local
Bugzilla entries