Helix Code Security Advisory - Helix GNOME Update | Linux Today

Helix Code Security Advisory – Helix GNOME Update

Written By
Web Webster
Web Webster
Aug 20, 2000
To: updates@helixcode.com
Date: Sun, 20 Aug 2000 03:39:40 -0400 (EDT)
From: "Helix Code, Inc." <security@helixcode.com>
Subject: [Helix Updates] Helix Code Security Advisory - Helix GNOME Update


HELIX CODE, INC.                                            SECURITY ADVISORY
security@helixcode.com                                Issue Date: 20 Aug 2000

PACKAGES AFFECTED:
Helix GNOME Updater (helix-update), versions 0.1 through 0.5

SYNOPSIS:
A vulnerability in Helix GNOME Update allow non-root users to exploit
world-writable permissions on /tmp, permitting arbitrarily modified RPM
packages to be installed on the system.

DESCRIPTION:
A directory called /tmp/helix-install is used to store downloaded RPM packages
to be installed. If that directory was created by a malicious non-root user
prior to root launching the application, the malicious user could place
arbitrary RPM packages in that directory which could be installed and used to
compromise the security of the system.

SOLUTION:
A new version of the Helix GNOME Updater (0.6) has been released. This new
version fixes this vulnerability by storing downloaded files in
/var/cache/helix-install, which is writable only by root.

AVAILABILITY:
New versions of the Helix GNOME Updater are available immediately from Helix
Code, Inc.

A list of supported distributions, platforms and versions can be found at 
http://www.helixcode.com/desktop/download.php3.

For Caldera OpenLinux eDesktop systems:
http://spidermonkey.helixcode.com/distributions/Caldera-2.4/helix-update-0.6-0_helix_2.i386.rpm

For LinuxPPC systems:
http://spidermonkey.helixcode.com/distributions/LinuxPPC/helix-update-0.6.0_helix_2.ppc.rpm

For Linux Mandrake systems:
http://spidermonkey.helixcode.com/distributions/Mandrake/helix-update-0.6-0mdk_helix_2.i586.rpm

For Red Hat Linux systems:
http://spidermonkey.helixcode.com/distributions/RedHat-6/helix-update-0.6-0_helix_2.i386.rpm

For Solaris systems:
http://spidermonkey.helixcode.com/distributions/Solaris/helix-update-0.6-0_helix_1.sparc64.rpm

For SuSE 6.3 systems:
http://spidermonkey.helixcode.com/distributions/SuSE/hupdate-0.6-0_helix_2.i386.rpm

For SuSE 6.4 systems:
http://spidermonkey.helixcode.com/distributions/SuSE-6.4/hupdate-0.6-0_helix_2.i386.rpm

For TurboLinux systems:
http://spidermonkey.helixcode.com/distributions/TurboLinux-6/helix-update-0.6-0_helix_3.i386.rpm

VERIFICATION:
cebf0dfee4b6e3863d6accf18323f143  Caldera-2.4/helix-update-0.6-0_helix_2.i386.rpm
a72044ce71275aafb1aad39efc72abae  LinuxPPC/helix-update-0.6-0_helix_2.ppc.rpm
80facf4bc809e462c428a004b0940247  Mandrake/helix-update-0.6-0mdk_helix_2.i586.rpm
0d50980e0206ae3d22364879fc64bb61  RedHat-6/helix-update-0.6-0_helix_2.i386.rpm
1eec4c82ba6a9c7cc2f5645cbcaa5f66  Solaris/helix-update-0.6-0_helix_1.sparc64.rpm
410a4958c95b4426f711d0e5ffae7fb4  SuSE/hupdate-0.6-0_helix_2.i386.rpm
cd5c18a4c9be10c6c311e8785408e6ec  SuSE-6.4/hupdate-0.6-0_helix_2.i386.rpm
c539209a2b2f2ab514126964cfaddda1  TurboLinux-6/helix-update-0.6-0_helix_3.i386.rpm

Copyright © 2000 Helix Code, Inc.


updates maillist  -  updates@helixcode.com
http://lists.helixcode.com/mailman/listinfo/updates

Web Webster

Web Webster

Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.

Linux Today Logo

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.