Helix Code "go-gnome" /tmp Symlink Vulnerability

Go-Gnome is a system created by Helix Code to download the files necessary to install Helix Code Gnome easily and automatically. It is basically a shellscript served by go-gnome.com that is dumped into a textfile with lynx and then executed. Go-Gnome, when run, creates a number of temporary files in /tmp with predictable filenames. Since /tmp is world writeable, if a malicious user knows in advance that root is going to be using go-gnome to install Gnome, symbolic links to arbitrary files on the filesystem with filenames of files written to /tmp by go-gnome can be created before go-gnome runs. When go-gnome is executed, it will attempt to write to these files but will instead write to whatever is pointed to by the symbolic links. Thus it is possible for an attacker, with knowledge that go-gnome will be run, to overwrite any files on the filesystem. This can lead to a denial of service or in some cases compromise of the system.


 

Privacy Statement
Copyright 2010, SecurityFocus