Date: Sun, 20 Aug 2000 03:08:33 -0400
From: Joe Shaw <joe@HELIXCODE.COM>
Subject: [Helix Beta] Helix Code Security Advisory - Helix GNOME Installer
To: BUGTRAQ@SECURITYFOCUS.COM

                    HELIX CODE, INC. SECURITY ADVISORY
                         security@helixcode.com

Issue Date: 20 Aug 2000

PACKAGES AFFECTED:

  Helix GNOME Installer, versions 0.1 through 0.5

SYNOPSIS:

  Vulnerabilities in the Helix GNOME Installer allow non-root users to
  exploit the world-writable permissions on /tmp either to damage a
  system's configuration files or to have arbitrarily modified RPM
  packages installed by root.

DESCRIPTION:

  The installer stores temporary copies of /etc/config.d/bashrc,
  /etc/config.d/csh.cshrc and /etc/rc.d/rc.gui (on Caldera OpenLinux
  eDesktop 2.4) and of /etc/rc.config (on SuSE 6.3 and 6.4) in the /tmp
  directory, modifies them there, and moves them back to their original
  locations. Because /tmp is world-writable, any local user who creates
  a directory at the right path before root runs the Helix GNOME
  Installer can cause the system's configuration files to be lost.

  Furthermore, the installer downloads the packages it is about to
  install into a directory named /tmp/helix-install. If that directory
  was created beforehand by a malicious non-root user, that user
  controls its contents, and arbitrarily modified packages placed there
  could be installed onto the system.

SOLUTION:

  A new version of the Helix GNOME Installer (0.6) has been released.
  This version fixes both vulnerabilities. The first is solved by
  making backups of the system files in the same directory from which
  they came and performing the operation on those files in place, so
  that no path under /tmp is involved. The second is solved by moving
  the default download directory to /var/cache/helix-install, which is
  writable only by root.

AVAILABILITY:

  New versions of the Helix GNOME Installer are available immediately
  from Helix Code, Inc. A list of supported systems can be found at
  http://www.helixcode.com/desktop/download.php3.

  For supported i386 systems:
    http://spidermonkey.helixcode.com/installer-latest-intel.gz

  For supported PPC systems:
    http://spidermonkey.helixcode.com/installer-latest-ppc.gz

  For supported UltraSparc Solaris systems:
    http://spidermonkey.helixcode.com/installer-latest-solaris.Z

VERIFICATION:

  MD5 checksums of the new installers. Compare the output of md5sum on
  the downloaded file against the matching line before running the
  installer as root.

  d6b369c223fd9e460581f92fba64d3b8  installer-latest-intel.gz
  9223cae466e44a3627fc9be492a83c62  installer-latest-ppc.gz
  61119233e77b4d5e2deb7989e79a1f0b  installer-latest-solaris.Z

Copyright (C) 2000 Helix Code, Inc.
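As an added illustration (not code from the Helix GNOME Installer, whose exact command sequence the advisory does not give), the following POSIX shell script reproduces both problems from the DESCRIPTION and both fixes from the SOLUTION inside a throwaway sandbox, so it can be run as an unprivileged user: $SANDBOX/etc stands in for /etc, $SANDBOX/tmp for the world-writable /tmp, and $SANDBOX/var/cache for /var/cache. The staging sequence (move to /tmp, edit, write back), the in-place edit via a same-directory temp file and rename, the sample config contents, and the ownership/permission check on the download directory are this example's assumptions, chosen to show the failure mode and the fix, not the installer's own code.

```shell
#!/bin/sh
# Added example, not Helix Code's installer code. A sandbox stands in for
# the real system directories so this runs as an ordinary user.
SANDBOX=$(mktemp -d) || exit 1
trap 'rm -rf "$SANDBOX"' EXIT
ETC="$SANDBOX/etc"                 # stands in for /etc
TMP="$SANDBOX/tmp"                 # stands in for world-writable /tmp
CACHE="$SANDBOX/var/cache"         # stands in for /var/cache
mkdir -p "$ETC" "$TMP" "$CACHE" && chmod 1777 "$TMP"

# Constructed sample config standing in for /etc/config.d/bashrc.
fresh_config() { printf 'PATH=/usr/bin:/bin\n' > "$ETC/bashrc"; }
config_intact() { grep -q '^PATH=' "$ETC/bashrc"; }

# Vulnerable pattern (assumed sequence): stage the file at a predictable
# name under /tmp, edit it there, write the result back. If another user
# ran `mkdir /tmp/bashrc` first, the mv drops the real file *into* that
# directory, sed then fails on a directory, and the redirection has already
# truncated /etc/bashrc to zero bytes. The only copy now sits in a
# directory the attacker owns (the sticky bit on /tmp does not protect it).
vulnerable_update() {
    mv "$ETC/bashrc" "$TMP/bashrc"
    sed 's|^PATH=|PATH=/opt/gnome/bin:|' "$TMP/bashrc" > "$ETC/bashrc" || :
    rm -f "$TMP/bashrc" 2>/dev/null || :   # installer's cleanup; fails on the dir
}

# Fixed pattern (what the advisory says 0.6 does): back up next to the file
# and edit in place. No path under /tmp is involved, so nothing can be
# pre-created. The same-directory temp file plus rename is this example's
# choice of in-place edit; it keeps the replacement atomic.
fixed_update() {
    cp -p "$ETC/bashrc" "$ETC/bashrc.helix-backup" || return 1
    work=$(mktemp "$ETC/bashrc.XXXXXX") || return 1
    sed 's|^PATH=|PATH=/opt/gnome/bin:|' "$ETC/bashrc" > "$work" &&
        mv -f "$work" "$ETC/bashrc"
}

backup_exists() { [ -f "$ETC/bashrc.helix-backup" ]; }

# Run an update with the attacker's directory already in place; returns 0
# if the config survived, 1 if it was clobbered.
attack_vulnerable() {
    fresh_config
    rm -rf "$TMP/bashrc"; mkdir "$TMP/bashrc"   # any local user can do this
    vulnerable_update
    rm -rf "$TMP/bashrc"
    config_intact
}
attack_fixed() {
    fresh_config
    rm -rf "$TMP/bashrc"; mkdir "$TMP/bashrc"
    fixed_update
    rm -rf "$TMP/bashrc"
    config_intact
}

# Download-directory check for the second problem: accept a directory only
# if it is a real directory (not a symlink), owned by the invoking user, and
# not group- or world-writable. A /tmp/helix-install pre-created by someone
# else fails the ownership test; a 0777 directory fails the mode test.
safe_download_dir() {
    dir=$1
    [ -d "$dir" ] && [ ! -L "$dir" ] && [ -O "$dir" ] || return 1
    perms=$(ls -ld "$dir" | cut -c1-10)
    gw=$(printf '%s' "$perms" | cut -c6)   # group write bit
    ow=$(printf '%s' "$perms" | cut -c9)   # other write bit
    [ "$gw" != w ] && [ "$ow" != w ]
}

# Demo: attacker-style 0777 directory under /tmp vs. a 0755 cache directory.
mkdir -m 0777 "$TMP/helix-install"
mkdir -m 0755 "$CACHE/helix-install"

if attack_vulnerable; then echo "vulnerable pattern: config intact"
else echo "vulnerable pattern: config clobbered"; fi
if attack_fixed; then
    echo "fixed pattern: config intact, backup present: $(backup_exists && echo yes || echo no)"
else echo "fixed pattern: config clobbered"; fi
safe_download_dir "$TMP/helix-install" && echo "accepted $TMP/helix-install" \
    || echo "rejected $TMP/helix-install"
safe_download_dir "$CACHE/helix-install" && echo "accepted $CACHE/helix-install" \
    || echo "rejected $CACHE/helix-install"
```

The vulnerable function shows one way a pre-created directory destroys the config; other staging sequences fail differently, but every variant that uses a predictable path under /tmp gives another user a say in what root reads or writes. The fixed function touches only the directory the file lives in, which on a sane system is writable by root alone, and the download-directory check is cheap insurance even when the default location is already under /var/cache.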