[16315] in bugtraq
Helix Code Security Advisory - Helix GNOME Update
daemon@ATHENA.MIT.EDU (Helix Code, Inc.)
Mon Aug 21 14:46:11 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <200008200739.DAA25668@trna.helixcode.com>
Date: Sun, 20 Aug 2000 03:39:40 -0400
Reply-To: "Helix Code, Inc." <security@HELIXCODE.COM>
From: "Helix Code, Inc." <security@HELIXCODE.COM>
X-To: updates@helixcode.com
To: BUGTRAQ@SECURITYFOCUS.COM
HELIX CODE, INC. SECURITY ADVISORY
security@helixcode.com Issue Date: 20 Aug 2000
PACKAGES AFFECTED:
Helix GNOME Updater (helix-update), versions 0.1 through 0.5
SYNOPSIS:
A vulnerability in Helix GNOME Update allow non-root users to exploit
world-writable permissions on /tmp, permitting arbitrarily modified RPM
packages to be installed on the system.
DESCRIPTION:
A directory called /tmp/helix-install is used to store downloaded RPM packages
to be installed. If that directory was created by a malicious non-root user
prior to root launching the application, the malicious user could place
arbitrary RPM packages in that directory which could be installed and used to
compromise the security of the system.
SOLUTION:
A new version of the Helix GNOME Updater (0.6) has been released. This new
version fixes this vulnerability by storing downloaded files in
/var/cache/helix-install, which is writable only by root.
AVAILABILITY:
New versions of the Helix GNOME Updater are available immediately from Helix
Code, Inc.
A list of supported distributions, platforms and versions can be found at
http://www.helixcode.com/desktop/download.php3.
For Caldera OpenLinux eDesktop systems:
http://spidermonkey.helixcode.com/distributions/Caldera-2.4/helix-update-0.6-0_helix_2.i386.rpm
For LinuxPPC systems:
http://spidermonkey.helixcode.com/distributions/LinuxPPC/helix-update-0.6.0_helix_2.ppc.rpm
For Linux Mandrake systems:
http://spidermonkey.helixcode.com/distributions/Mandrake/helix-update-0.6-0mdk_helix_2.i586.rpm
For Red Hat Linux systems:
http://spidermonkey.helixcode.com/distributions/RedHat-6/helix-update-0.6-0_helix_2.i386.rpm
For Solaris systems:
http://spidermonkey.helixcode.com/distributions/Solaris/helix-update-0.6-0_helix_1.sparc64.rpm
For SuSE 6.3 systems:
http://spidermonkey.helixcode.com/distributions/SuSE/hupdate-0.6-0_helix_2.i386.rpm
For SuSE 6.4 systems:
http://spidermonkey.helixcode.com/distributions/SuSE-6.4/hupdate-0.6-0_helix_2.i386.rpm
For TurboLinux systems:
http://spidermonkey.helixcode.com/distributions/TurboLinux-6/helix-update-0.6-0_helix_3.i386.rpm
VERIFICATION:
cebf0dfee4b6e3863d6accf18323f143 Caldera-2.4/helix-update-0.6-0_helix_2.i386.rpm
a72044ce71275aafb1aad39efc72abae LinuxPPC/helix-update-0.6-0_helix_2.ppc.rpm
80facf4bc809e462c428a004b0940247 Mandrake/helix-update-0.6-0mdk_helix_2.i586.rpm
0d50980e0206ae3d22364879fc64bb61 RedHat-6/helix-update-0.6-0_helix_2.i386.rpm
1eec4c82ba6a9c7cc2f5645cbcaa5f66 Solaris/helix-update-0.6-0_helix_1.sparc64.rpm
410a4958c95b4426f711d0e5ffae7fb4 SuSE/hupdate-0.6-0_helix_2.i386.rpm
cd5c18a4c9be10c6c311e8785408e6ec SuSE-6.4/hupdate-0.6-0_helix_2.i386.rpm
c539209a2b2f2ab514126964cfaddda1 TurboLinux-6/helix-update-0.6-0_helix_3.i386.rpm
Copyright (C) 2000 Helix Code, Inc.
