OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: [Helix Beta] Helix Code Security Advisory - Helix GNOME Installer
From: Joe Shaw (joeHELIXCODE.COM)
Date: Sun Aug 20 2000 - 02:08:33 CDT


HELIX CODE, INC. SECURITY ADVISORY
securityhelixcode.com Issue Date: 20 Aug 2000

PACKAGES AFFECTED:
Helix GNOME Installer, versions 0.1 through 0.5

SYNOPSIS:
Vulnerabilities in the Helix GNOME Installer allow non-root users to exploit
world-writable permissions on /tmp to damage a system's configuration files
or install arbitrarily modified RPM packages.

DESCRIPTION:
Temporary copies of the /etc/config.d/bashrc, /etc/config.d/csh.cshrc, and
/etc/rc.d/rc.gui files on Caldera OpenLinux eDesktop 2.4 and /etc/rc.config
on SuSE 6.3 and 6.4 are stored in the /tmp directory, modified, and moved back
into their original locations. A mkdir of the right path by any user prior to
root running the Helix GNOME Installer can result in a system's configuration
files being lost.

Furthermore, a directory called /tmp/helix-install is used to download
packages to be installed. If that directory was created by a malicious non-root
user, arbitrarily placed packages could be installed onto the system.

SOLUTION:
A new version of the Helix GNOME Installer (0.6) has been released. This new
version fixes both vulnerabilities. The first is solved by making backups of
the system files in the same directory from which they came, and doing the
operation on these files in-place. The second is solved by moving the default
download directory to /var/cache/helix-install, which is writable only by
root.

AVAILABILITY:
New versions of the Helix GNOME Installer are available immediately from
Helix Code, Inc.

A list of supported systems can be found at
http://www.helixcode.com/desktop/download.php3.

For supported i386 systems:
http://spidermonkey.helixcode.com/installer-latest-intel.gz

For supported PPC systems:
http://spidermonkey.helixcode.com/installer-latest-ppc.gz

For supported UltraSparc Solaris systems:
http://spidermonkey.helixcode.com/installer-latest-solaris.Z

VERIFICATION:
d6b369c223fd9e460581f92fba64d3b8 installer-latest-intel.gz
9223cae466e44a3627fc9be492a83c62 installer-latest-ppc.gz
61119233e77b4d5e2deb7989e79a1f0b installer-latest-solaris.Z

Copyright (C) 2000 Helix Code, Inc.