Nano Local File Overwrite Vulnerability

nano is a free text editor similar to pico. A problem occurs with the editor when a session terminates unexpectedly.

Upon abnormal exit, the text editor saves any changes made to the file being edited into a new file in the current working directory labeled with a '.save' extension.

A user editing a file in a directory writable by others could be subject to having other files written to if a malicious user were to symbolically link the .save file to one writable by the current nano user. This would result in the contents of the nano session being appended to the symbolically linked file, potentially corrupting it.

Depending on the privilege level of the current user, this could have further serious impacts on host security.


 

Privacy Statement
Copyright 2010, SecurityFocus