Bug 582434 – CVE-2010-1160 CVE-2010-1161 nano: multiple file editing insecurities

Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.

Bug 582434 - (CVE-2010-1160, CVE-2010-1161) CVE-2010-1160 CVE-2010-1161 nano: multiple file editing insecurities

Summary:	CVE-2010-1160 CVE-2010-1161 nano: multiple file editing insecurities

Status:	CLOSED CURRENTRELEASE

Aliases:	CVE-2010-1160, CVE-2010-1161

Product:	Security Response
Classification:	Other
Component:	vulnerability (Show other bugs)
Sub Component:
Version:	unspecified
Hardware:	All Linux

Priority	low Severity low
Target Milestone:	---
Target Release:	---
Assigned To:	Red Hat Product Security
QA Contact:
Docs Contact:

URL:
Whiteboard:	public=20100402,reported=20100414,sou...
Keywords:	Security

Depends On:	582739 582740
Blocks:
	Show dependency tree / graph

Reported:	2010-04-14 17:34 EDT by Vincent Danen
Modified:	2015-08-19 04:45 EDT (History)
CC List:	4 users (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2014-09-03 08:01:32 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Vincent Danen 2010-04-14 17:34:33 EDT

Dan Rosenberg reported [1] two vulnerabilities in GNU nano:

When editing a file that is owned by another user, the owner of the file could replace the file in mid-edit with a symbolic link, resulting in the editor overwriting the target of the symbolic link with the privileges of the user editing the file, without any warning to the editor. (CVE-2010-1160; fixed upstream in r4490)

When backup files are enabled, and root is editing a file owned by an untrusted user, that user could exploit race conditions in the creation of backup files to take ownership of arbitrary files. (CVE-2010-1161; fixed upstream in r4491, r4493, r4496)

Patches [2], [3], [4] are available to correct both issues.

[1] http://article.gmane.org/gmane.comp.security.oss.general/2813
[2] http://svn.savannah.gnu.org/viewvc/trunk/nano/src/files.c?r1=4489&r2=4496&pathrev=4496&root=nano&view=patch
[3] http://svn.savannah.gnu.org/viewvc/trunk/nano/doc/man/nano.1?r1=4493&r2=4492&pathrev=4493&root=nano&view=patch
[4] http://svn.savannah.gnu.org/viewvc/trunk/nano/doc/man/nanorc.5?r1=4493&r2=4492&pathrev=4493&root=nano&view=patch

Comment 1 Vincent Danen 2010-04-15 12:57:42 EDT

Created nano tracking bugs for this issue

Affects: fedora-all [bug 582739]

Comment 3 Fedora Update System 2010-04-15 15:16:42 EDT

nano-2.0.9-6.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/nano-2.0.9-6.fc12

Comment 4 Fedora Update System 2010-04-15 15:16:46 EDT

nano-2.0.9-1.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/nano-2.0.9-1.fc11

Comment 5 Fedora Update System 2010-04-15 15:16:50 EDT

nano-2.2.4-1.fc13 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/nano-2.2.4-1.fc13

Comment 6 Vincent Danen 2010-04-15 16:59:05 EDT

The Red Hat Security Response Team has rated these issues as having low security impact, a future update may address these flaws.

Comment 7 Fedora Update System 2010-04-30 19:41:30 EDT

nano-2.2.4-1.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 8 Fedora Update System 2010-05-04 02:10:49 EDT

nano-2.0.9-1.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 9 Fedora Update System 2010-05-04 02:22:22 EDT

nano-2.0.9-6.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 13 Ranjith Rajaram 2014-09-02 10:28:49 EDT

RHEL6 and RHEL5 bugs have been closed with a fix. CVE database is not updated

Comment 14 Tomas Hoger 2014-09-03 08:00:19 EDT

Red Hat Enterprise Linux 6 had these issues corrected before its initial release.  Therefore, there is no erratum to link from the CVE page.

Red Hat Enterprise Linux 5 hasn't got these issues corrected.  As this is Low impact issue, and Red Hat Enterprise Linux 5 is already in the Phase 3 of its life cycle, these issues are not expected to get corrected.

Comment 15 Tomas Hoger 2014-09-03 08:01:32 EDT

Statement:

This issue was corrected in Red Hat Enterprise Linux 6 prior to its initial release.

Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates for this or earlier releases. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.

Note You need to log in before you can comment on or make changes to this bug.