Gnome Updater Arbitrary RPM Installation Vulnerability
BID:1593
Info
| Bugtraq ID: | 1593 |
| Class: | Origin Validation Error |
| CVE: | CVE-2000-0722 |
| Remote: | No |
| Local: | Yes |
| Published: | Aug 20 2000 12:00AM |
| Updated: | Jul 11 2009 02:56AM |
| Credit: | First posted to Bugtraq by Alan Cox <[email protected]> on August 19, 2000. |
| Vulnerable: | Helix Code GNOME Updater 0.5, Helix Code GNOME Updater 0.4, Helix Code GNOME Updater 0.3, Helix Code GNOME Updater 0.2, Helix Code GNOME Updater 0.1 |
| Not Vulnerable: | Helix Code GNOME Updater 0.6 |
Discussion
GNOME, created by a company called Helix Code, is a desktop environment for X11 that ships with many popular free Unix distributions (most commonly Linux). One of its components, the updater, downloads new versions of other components and installs them automatically. The updater stores its temporary package files in an insecure location (/tmp), a directory shared by every local user, so an attacker with local access can overwrite a downloaded package before it is installed, replacing it with a malicious version that can lead to elevated privileges.
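The weakness is the classic insecure-temporary-file pattern: a package written to a shared directory and later installed from that path name. The Python below is an added example, not code from the Helix Code updater, of the defensive pattern an updater should follow: stage the download in a freshly created private directory, create the file with O_EXCL so a pre-planted file is refused, and check the package digest through the open descriptor immediately before installing so a file swapped in at the path afterwards is never used. The function names and the expected SHA-256 digest are assumptions of the example.

```python
import hashlib
import os
import tempfile

# O_NOFOLLOW is not available on every platform; treat it as optional.
_NOFOLLOW = getattr(os, "O_NOFOLLOW", 0)


def digest_of_fd(fd: int) -> str:
    """SHA-256 of the bytes reachable through an already open descriptor."""
    # Hashing through the descriptor, not by reopening the path name, means a
    # file swapped in at that path after staging is never what gets hashed.
    os.lseek(fd, 0, os.SEEK_SET)
    h = hashlib.sha256()
    while True:
        chunk = os.read(fd, 65536)
        if not chunk:
            break
        h.update(chunk)
    return h.hexdigest()


def stage_package(data: bytes, expected_sha256: str, name: str = "update.rpm"):
    """Stage a downloaded package privately; returns (path, fd)."""
    # mkdtemp creates a directory with an unpredictable name and mode 0700,
    # so other local users cannot enter it, let alone replace files in it.
    workdir = tempfile.mkdtemp(prefix="updater-")
    path = os.path.join(workdir, name)
    # O_CREAT|O_EXCL fails instead of silently reusing a pre-planted file or
    # following a symlink left at that name; the file itself is mode 0600.
    fd = os.open(path, os.O_RDWR | os.O_CREAT | os.O_EXCL | _NOFOLLOW, 0o600)
    view = memoryview(data)
    while view:
        view = view[os.write(fd, view):]
    os.fsync(fd)
    if digest_of_fd(fd) != expected_sha256:
        # Corrupt or tampered download: discard it rather than install it.
        os.close(fd)
        os.unlink(path)
        os.rmdir(workdir)
        raise ValueError("package digest mismatch, refusing to stage")
    return path, fd


def verify_before_install(fd: int, expected_sha256: str) -> bool:
    """Last check, run on the very descriptor the installer reads from."""
    return digest_of_fd(fd) == expected_sha256
```

The installer must then consume the package through that descriptor (for example via /proc/self/fd/N on Linux), since reopening the path name would reintroduce the window the example closes.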
Exploit / POC
See discussion.
Solution / Fix
Fixed packages (version 0.6) are available for Helix Code GNOME Updater 0.1, 0.2, 0.3, 0.4 and 0.5:
- Helix Code Caldera eDesktop 2.4: helix-update-0.6-0_helix_2
  http://spidermonkey.helixcode.com/distributions/Caldera-2.4/helix-update-0.6-0_helix_2.i386.rpm
- Helix Code Linux PPC: helix-update-0.6.0_helix_2
  http://spidermonkey.helixcode.com/distributions/LinuxPPC/helix-update-0.6.0_helix_2.ppc.rpm
- Helix Code Mandrake: helix-update-0.6-0mdk_helix_2
  http://spidermonkey.helixcode.com/distributions/Mandrake/helix-update-0.6-0mdk_helix_2.i586.rpm
- Helix Code RedHat: helix-update-0.6-0_helix_2
  http://spidermonkey.helixcode.com/distributions/RedHat-6/helix-update-0.6-0_helix_2.i386.rpm
- Helix Code Solaris (sparc u64): helix-update-0.6-0_helix_1
  http://spidermonkey.helixcode.com/distributions/Solaris/helix-update-0.6-0_helix_1.sparc64.rpm
- Helix Code SuSE 6.3: hupdate-0.6-0_helix_2
  http://spidermonkey.helixcode.com/distributions/SuSE/hupdate-0.6-0_helix_2.i386.rpm
- Helix Code SuSE 6.4: hupdate-0.6-0_helix_2
  http://spidermonkey.helixcode.com/distributions/SuSE-6.4/hupdate-0.6-0_helix_2.i386.rpm
- Helix Code TurboLinux: helix-update-0.6-0_helix_3
  http://spidermonkey.helixcode.com/distributions/TurboLinux-6/helix-update-0.6-0_helix_3.i386.rpm
References
References:
- Helix Code Homepage (Helix Code, Inc.)
- Updater Information (Helix Code, Inc.)