FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

helvis -- arbitrary file deletion problem

Affected packages
ko-helvis <= 1.8h2_1
helvis <= 1.8h2_1

Details

VuXML ID 0cf3480d-5fdf-11d9-b721-00065be4b5b6
Discovery 2004-11-24
Entry 2005-01-10
Modified 2005-01-19

The setuid root elvprsv utility, used to preserve recovery helvis files, can be abused by local users to delete with root privileges.

The problem is that elvprsv deletes files when it thinks they have become corrupt. When elvprsv is pointed to a normal file then it will almost always think the file is corrupt and deletes it. This behavior may be exploited by local attackers to delete critical files.

References

CVE Name CVE-2005-0120
URL http://people.freebsd.org/~niels/ports/korean/helvis/issues.txt