PT-2024-6057 · GNU Nano+10

Tej Rathi · Published 2024-04-12 · Updated 2025-03-17 · CVE-2024-5742

CVSS v3.1: 6.7 Medium

Vector: AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

GNU Nano (affected versions not specified)

Description

A vulnerability was found in GNU Nano that allows possible privilege escalation through an insecure temporary file. If Nano is killed while editing a file, it saves the contents to an emergency file with the permissions of the running user, which gives attackers a window of opportunity to escalate privileges through a malicious symlink. The vulnerability is related to errors in handling temporary files, which can be exploited to impact data integrity.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Link Following

Related Identifiers

ALSA-2024:6986
ALSA-2024:9430
ALT-PU-2024-13716
ALT-PU-2024-14552
AZL-42612
AZL-42619
BDU:2024-06879
CESA-2024_6986
CVE-2024-5742
DLA-3831-1
INFSA-2024_6986
INFSA-2024_9430
MGASA-2024-0223
OESA-2024-1735
OPENSUSE-SU-2024:0157-1
OPENSUSE-SU-2024:0157-2
OPENSUSE-SU-2024:14034-1
RHSA-2024:6986
RHSA-2024:9430
RHSA-2024_6986
RHSA-2024_9430
RLSA-2024:6986
RLSA-2024:9430
ROSA-SA-2025-2586
USN-7064-1
USN-7064-2

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
GNU Nano
Linux Mint
Nano
Red Hat
RED OS
Rocky Linux
Ubuntu