mageia / Gentoo Foundation / MGASA-2024-0223
Jun 16, 2024 - 2:07 a.m.

Updated nano packages fix security vulnerability

2024-06-16 02:07:50
Gentoo Foundation
advisories.mageia.org
gnu nano
security vulnerability
privilege escalation
insecure temporary file
emergency file
symlink
cve-2024-5742
unix

CVSS3: 4.7 Medium
Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score: 7.6 High (Confidence: Low)
EPSS: 0.0004 Low (Percentile: 15.6%)

A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, it saves the file being edited to an emergency file with the permissions of the running user, which provides a window of opportunity for attackers to escalate privileges through a malicious symlink (CVE-2024-5742).
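
One common way to close the symlink window described above is to create the emergency file exclusively and set its attributes only through the open descriptor. The C example below is added here for illustration and is not code from nano or from the Mageia package; `write_rescue_file`, `demo_symlink_refused` and the file names are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not nano's code): create a rescue file without
 * following a link that may already have been planted at `path`. */
int write_rescue_file(const char *path, const char *buf, size_t len)
{
    /* O_CREAT|O_EXCL fails if anything, including a symlink, already exists
     * at path; O_NOFOLLOW is a second guard on the final path component. */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    /* Set the mode on the descriptor, never by name: a path-based chmod()
     * would resolve the name again and could land on a swapped-in link. */
    int ok = fchmod(fd, 0600) == 0 && write(fd, buf, len) == (ssize_t)len;
    if (close(fd) != 0)
        ok = 0;
    return ok ? 0 : -1;
}

/* Constructed scenario inside a private mkdtemp() directory: "file.save" is
 * a symlink to "victim". Returns 1 when the write through the link is refused,
 * the victim is unchanged, and a write to an unused name still succeeds. */
int demo_symlink_refused(void)
{
    char dir[] = "/tmp/rescue-demo-XXXXXX", victim[64], lnk[64], fresh[64];
    struct stat before, st;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(lnk, sizeof lnk, "%s/file.save", dir);
    snprintf(fresh, sizeof fresh, "%s/file.save.1", dir);
    int fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0644);
    if (fd < 0 || close(fd) != 0 || symlink(victim, lnk) != 0
        || stat(victim, &before) != 0)
        return -1;
    int refused = write_rescue_file(lnk, "data", 4) == -1
                  && (errno == EEXIST || errno == ELOOP);
    int intact = stat(victim, &st) == 0 && st.st_size == 0
                 && st.st_mode == before.st_mode;
    int created = write_rescue_file(fresh, "data", 4) == 0 && lstat(fresh, &st) == 0
                  && S_ISREG(st.st_mode) && st.st_size == 4;
    unlink(lnk); unlink(victim); unlink(fresh); rmdir(dir);
    return refused && intact && created;
}

int main(void) { return demo_symlink_refused() == 1 ? 0 : 1; }
```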

OS      Version  Architecture  Package  Version    Filename
Mageia  9        noarch        nano     < 7.2-1.1  nano-7.2-1.1.mga9