CVE-2024-5742

A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink.
Configurations

Configuration 1 (hide)

cpe:2.3:a:gnu:nano:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

History

21 Nov 2024, 09:48

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2024/06/msg00006.html -
References () https://access.redhat.com/security/cve/CVE-2024-5742 - Vendor Advisory () https://access.redhat.com/security/cve/CVE-2024-5742 - Vendor Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=2278574 - Issue Tracking, Vendor Advisory () https://bugzilla.redhat.com/show_bug.cgi?id=2278574 - Issue Tracking, Vendor Advisory

12 Nov 2024, 18:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:9430 -

25 Sep 2024, 06:15

Type Values Removed Values Added
CWE CWE-377

25 Sep 2024, 01:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:6986 -

24 Sep 2024, 15:39

Type Values Removed Values Added
CWE CWE-59
References () https://access.redhat.com/security/cve/CVE-2024-5742 - () https://access.redhat.com/security/cve/CVE-2024-5742 - Vendor Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=2278574 - () https://bugzilla.redhat.com/show_bug.cgi?id=2278574 - Issue Tracking, Vendor Advisory
CPE cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:a:gnu:nano:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
First Time Redhat enterprise Linux
Redhat
Gnu
Gnu nano
CVSS v2 : unknown
v3 : 4.7
v2 : unknown
v3 : 6.7

17 Sep 2024, 00:15

Type Values Removed Values Added
References
  • {'url': 'https://lists.debian.org/debian-lts-announce/2024/06/msg00006.html', 'source': 'secalert@redhat.com'}

17 Jun 2024, 12:15

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2024/06/msg00006.html -

13 Jun 2024, 18:36

Type Values Removed Values Added
Summary
  • (es) Se encontró una vulnerabilidad en GNU Nano que permite una posible escalada de privilegios a través de un archivo temporal inseguro. Si Nano muere mientras edita, un archivo que guarda en un archivo de emergencia con los permisos del usuario que lo ejecuta brinda una ventana de oportunidad para que los atacantes aumenten los privilegios a través de un enlace simbólico malicioso.

12 Jun 2024, 09:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-12 09:15

Updated : 2024-11-21 09:48


NVD link : CVE-2024-5742

Mitre link : CVE-2024-5742

CVE.ORG link : CVE-2024-5742


JSON object : View

Products Affected

redhat

  • enterprise_linux

gnu

  • nano
CWE
CWE-59

Improper Link Resolution Before File Access ('Link Following')