CVE-2024-5742

6.7 MEDIUM

📋 TL;DR

This vulnerability in GNU Nano allows local privilege escalation through insecure temporary file handling. When Nano is killed during editing, it creates an emergency file with user permissions that attackers can exploit via symlink attacks. Users running vulnerable versions of GNU Nano with write access to temporary directories are affected.

💻 Affected Systems

Products:
  • GNU Nano
Versions: before 8.0
Operating Systems: Linux, Unix-like systems
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems where Nano is installed and users have write access to /tmp or other temporary directories.

⚠️ Risk & Real-World Impact

🔴 Worst Case

A local attacker gains root privileges by exploiting the symlink race condition during emergency file creation.

🟠 Likely Case

A local user escalates privileges to another user account or gains unauthorized access to sensitive files.

🟢 If Mitigated

The attack fails due to proper file permissions, SELinux/AppArmor restrictions, or lack of local access.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring shell access.
🏢 Internal Only: MEDIUM - Internal users with shell access could exploit this to escalate privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and timing to exploit the race condition during emergency file creation.
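
The race described above depends on a file being created and then adjusted by name, so a link planted at that name can redirect the operation. The following added example (a generic illustration of the hardened pattern, not GNU Nano's code or its actual patch) creates the file exclusively and sets its mode on the open descriptor; write_rescue_file, example.save and the sample text are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L   /* for O_NOFOLLOW, fchmod */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not nano's function): write a rescue copy of an
 * edit buffer to `path` without ever following a symlink planted there. */
int write_rescue_file(const char *path, const char *buf, size_t len, mode_t mode)
{
    /* O_EXCL: fail if anything, including a symlink, already exists at path.
     * O_NOFOLLOW: refuse a symlink as the final path component.
     * 0600: keep the file private until the contents are complete. */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;                /* errno is EEXIST if anything is already there */

    size_t done = 0;
    while (done < len) {
        ssize_t n = write(fd, buf + done, len - done);
        if (n < 0) {
            if (errno == EINTR) continue;
            close(fd);
            return -1;
        }
        done += (size_t)n;
    }

    /* Set the final mode on the descriptor, not on the name: chmod(path)
     * would resolve the path a second time and could be redirected. */
    if (fchmod(fd, mode) != 0) {
        close(fd);
        return -1;
    }
    return close(fd);
}

int main(void)
{
    const char *text = "unsaved buffer\n";   /* constructed sample input */
    if (write_rescue_file("example.save", text, strlen(text), 0644) != 0) {
        perror("write_rescue_file");
        return 1;
    }
    return 0;
}
```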

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: GNU Nano 8.0 and later

Vendor Advisory: https://access.redhat.com/security/cve/CVE-2024-5742

Restart Required: No

Instructions:

1. Update GNU Nano to version 8.0 or later using your distribution's package manager.
2. For Red Hat systems: 'sudo yum update nano' or 'sudo dnf update nano'.
3. For Debian/Ubuntu: 'sudo apt update && sudo apt upgrade nano'.
4. Verify installation with 'nano --version'.

🔧 Temporary Workarounds

Disable emergency file creation

linux

Prevent Nano from creating emergency files when killed

export NANOEMERGENCYFILE=""

Use secure temporary directory

linux

Set TMPDIR to a secure, user-specific directory

export TMPDIR="$HOME/.tmp"
mkdir -p "$HOME/.tmp"

🧯 If You Can't Patch

  • Restrict user access to Nano through sudoers or remove execute permissions
  • Implement strict file permissions on /tmp and other world-writable directories

🔍 How to Verify

Check if Vulnerable:

Check Nano version with 'nano --version' and compare to affected versions (before 8.0)

Check Version:

nano --version | head -1

Verify Fix Applied:

Verify installed version is 8.0 or later with 'nano --version'

📡 Detection & Monitoring

Log Indicators:

  • Failed privilege escalation attempts
  • Unusual symlink creation in /tmp
  • Multiple Nano processes killed unexpectedly

Network Indicators:

  • None - this is a local attack

SIEM Query:

process.name:"nano" AND file.path:"/tmp/*" AND event.action:"created"
