[ SOURCE: http://www.secureroot.com/security/advisories/9668697764.html ]

HELIX CODE, INC.                                            SECURITY ADVISORY

security@helixcode.com                                Issue Date: 20 Aug 2000



PACKAGES AFFECTED:

Helix GNOME Updater (helix-update), versions 0.1 through 0.5



SYNOPSIS:

A vulnerability in Helix GNOME Update allow non-root users to exploit

world-writable permissions on /tmp, permitting arbitrarily modified RPM

packages to be installed on the system.



DESCRIPTION:

A directory called /tmp/helix-install is used to store downloaded RPM packages

to be installed. If that directory was created by a malicious non-root user

prior to root launching the application, the malicious user could place

arbitrary RPM packages in that directory which could be installed and used to

compromise the security of the system.



SOLUTION:

A new version of the Helix GNOME Updater (0.6) has been released. This new

version fixes this vulnerability by storing downloaded files in

/var/cache/helix-install, which is writable only by root.



AVAILABILITY:

New versions of the Helix GNOME Updater are available immediately from Helix

Code, Inc.



A list of supported distributions, platforms and versions can be found at

http://www.helixcode.com/desktop/download.php3.



For Caldera OpenLinux eDesktop systems:

http://spidermonkey.helixcode.com/distributions/Caldera-2.4/helix-update-0.6-0_helix_2.i386.rpm



For LinuxPPC systems:

http://spidermonkey.helixcode.com/distributions/LinuxPPC/helix-update-0.6.0_helix_2.ppc.rpm



For Linux Mandrake systems:

http://spidermonkey.helixcode.com/distributions/Mandrake/helix-update-0.6-0mdk_helix_2.i586.rpm



For Red Hat Linux systems:

http://spidermonkey.helixcode.com/distributions/RedHat-6/helix-update-0.6-0_helix_2.i386.rpm



For Solaris systems:

http://spidermonkey.helixcode.com/distributions/Solaris/helix-update-0.6-0_helix_1.sparc64.rpm



For SuSE 6.3 systems:

http://spidermonkey.helixcode.com/distributions/SuSE/hupdate-0.6-0_helix_2.i386.rpm



For SuSE 6.4 systems:

http://spidermonkey.helixcode.com/distributions/SuSE-6.4/hupdate-0.6-0_helix_2.i386.rpm



For TurboLinux systems:

http://spidermonkey.helixcode.com/distributions/TurboLinux-6/helix-update-0.6-0_helix_3.i386.rpm



VERIFICATION:

cebf0dfee4b6e3863d6accf18323f143  Caldera-2.4/helix-update-0.6-0_helix_2.i386.rpm

a72044ce71275aafb1aad39efc72abae  LinuxPPC/helix-update-0.6-0_helix_2.ppc.rpm

80facf4bc809e462c428a004b0940247  Mandrake/helix-update-0.6-0mdk_helix_2.i586.rpm

0d50980e0206ae3d22364879fc64bb61  RedHat-6/helix-update-0.6-0_helix_2.i386.rpm

1eec4c82ba6a9c7cc2f5645cbcaa5f66  Solaris/helix-update-0.6-0_helix_1.sparc64.rpm

410a4958c95b4426f711d0e5ffae7fb4  SuSE/hupdate-0.6-0_helix_2.i386.rpm

cd5c18a4c9be10c6c311e8785408e6ec  SuSE-6.4/hupdate-0.6-0_helix_2.i386.rpm

c539209a2b2f2ab514126964cfaddda1  TurboLinux-6/helix-update-0.6-0_helix_3.i386.rpm



Copyright (C) 2000 Helix Code, Inc.