Home Security

Helix Code Security Advisory – go-gnome pre-installer

By

August 31, 2000

Date: Tue, 29 Aug 2000 18:08:50 -0400
From: “Helix Code, Inc.” security@helixcode.com
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: Helix Code Security Advisory – go-gnome pre-installer

HELIX CODE, INC.                                             SECURITY ADVISORY
security@helixcode.com                                 Issue Date: 29 Aug 2000

PACKAGES AFFECTED:
“go-gnome” Helix GNOME pre-installer

SYNOPSIS:
A vulnerability in the go-gnome pre-installer allows non-root users
to exploit world-writable permissions in /tmp, permitting files
normally only accessible by root to be overwritten.

DESCRIPTION:
The go-gnome pre-installer uses a few rather predictable filenames
in /tmp for uudecode, snarf, and the installer files. If one (or
more) of those files already exist with a symbolic link created by
a malicious user, the files pointed to by those links will be
clobbered.

SOLUTION:
The go-gnome pre-installer has been updated on the main Helix Code
mirror and go-gnome.com. This new version fixes this vulnerability
by storing files in /var/cache/helix-install, which is writable
only by root.

AVAILABILITY:
A new version of the go-gnome pre-installer is available
immediately from Helix Code, Inc. at go-gnome.com:
http://go-gnome.com

VERIFICATION:
94e5849dd659642bc58d768d12c3c26d go-gnome

Complete Story

Previous articleLinux-Mandrake Security Update Advisory: xchat update

Next articleLinuxPR: Pixami Completes Linux Solution for Online Photo Enhancement Technology

Helix Code Security Advisory – go-gnome pre-installer

Get the Free Newsletter!

Must Read

Master VLC with These 10+ Expert Tips and Tricks

Xubuntu 24.04 LTS: Best New Features

Slimbook Fedora 2 Is a New Linux Laptop Powered by Fedora 40

EndeavourOS Gemini Lands with the KDE Plasma 6 Desktop Environment

5 Must-Try AI Tools for Linux Users in 2024

Our Brands