[16436] in bugtraq
Helix Code Security Advisory - go-gnome pre-installer
daemon@ATHENA.MIT.EDU (Helix Code, Inc.)
Wed Aug 30 14:43:13 2000
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <200008292208.SAA20939@trna.helixcode.com>
Date: Tue, 29 Aug 2000 18:08:50 -0400
Reply-To: security@helixcode.com
From: "Helix Code, Inc." <security@helixcode.com>
To: BUGTRAQ@SECURITYFOCUS.COM
HELIX CODE, INC. SECURITY ADVISORY
security@helixcode.com Issue Date: 29 Aug 2000
PACKAGES AFFECTED:
"go-gnome" Helix GNOME pre-installer
SYNOPSIS:
A vulnerability in the go-gnome pre-installer allows non-root users to exploit
world-writable permissions in /tmp, permitting files normally only accessible
by root to be overwritten.
DESCRIPTION:
The go-gnome pre-installer uses a few rather predictable filenames in /tmp
for uudecode, snarf, and the installer files. If one (or more) of those files
already exist with a symbolic link created by a malicious user, the files
pointed to by those links will be clobbered.
SOLUTION:
The go-gnome pre-installer has been updated on the main Helix Code mirror and
go-gnome.com. This new version fixes this vulnerability by storing files in
/var/cache/helix-install, which is writable only by root.
AVAILABILITY:
A new version of the go-gnome pre-installer is available immediately from Helix
Code, Inc. at go-gnome.com:
http://go-gnome.com
VERIFICATION:
94e5849dd659642bc58d768d12c3c26d go-gnome
Copyright (c) 2000 Helix Code, Inc.
