Local Vulnerability in Helix GNOME Updater Affects Installation Process
CVE-2000-0722

Currently unrated

Key Information:

Vendor: Helix Code
Status: Gnome Updater
Vendor: CVE Published:; 20 October 2000

What is CVE-2000-0722?

The Helix GNOME Updater (helix-update) versions 0.5 and earlier are susceptible to a local vulnerability that enables unauthorized users to install arbitrary RPM packages. This occurs when a user is able to create the /tmp/helix-install directory prior to the root user starting the installation of software packages. This exploit can lead to potential system compromises as malicious users could leverage this access to introduce unverified software into the environment.

References

http://www.securityfocus.com/bid/1593

vdb-entryx_refsource_BID

http://www.securityfocus.com/templates/archive.pike?list=...

mailing-listx_refsource_BUGTRAQ

http://archives.neohapsis.com/archives/bugtraq/2000-08/02...

mailing-listx_refsource_BUGTRAQ

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 20, 2000
Vulnerability Reserved
Sep 19, 2000

Helix Code

What is CVE-2000-0722?

References

Timeline