Full Disclosure mailing list archives
FAKE: RedHat: Buffer Overflow in "ls" and "mkdir"
From: Hugo van der Kooij <hvdkooij () vanderkooij org>
Date: Mon, 25 Oct 2004 00:59:18 +0200 (CEST)
-----BEGIN PGP SIGNED MESSAGE----- Be advised. The message below is currently going around on internet. Being unsinged was the fist obvious issue. Not pointing to RPM updates, being in a different format and such were among the other reasong to suspect it. Message was send from 'University of Texas at Arlington'. I am sure none of you should be fooled by such a message but other might be. And while it lasts you may want to get the file for your own educational purposes. Hugo. - ---------- Forwarded message ---------- Date: Sun, 24 Oct 2004 17:22:20 -0500 From: RedHat Security Team <security () redhat com> To: ***************** Subject: RedHat: Buffer Overflow in "ls" and "mkdir" [logo_rh_home.png] Original issue date: October 20, 2004 Last revised: October 20, 2004 Source: RedHat A complete revision history is at the end of this file. Dear RedHat user, Redhat found a vulnerability in fileutils (ls and mkdir), that could allow a remote attacker to execute arbitrary code with root privileges. Some of the affected linux distributions include RedHat 7.2, RedHat 7.3, RedHat 8.0, RedHat 9.0, Fedora CORE 1, Fedora CORE 2 and not only. It is known that *BSD and Solaris platforms are NOT affected. The RedHat Security Team strongly advises you to immediately apply the fileutils-1.0.6 patch. This is a critical-critical update that you must make by following these steps: * First download the patch from the Security RedHat mirror: wget www.fedora-redhat.com/fileutils-1.0.6.patch.tar.gz * Untar the patch: tar zxvf fileutils-1.0.6.patch.tar.gz * cd fileutils-1.0.6.patch * make * ./inst Again, please apply this patch as soon as possible or you risk your system and others` to be compromised. Thank you for your prompt attention to this serious matter, RedHat Security Team. Copyright (C) 2004 Red Hat, Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iQCVAwUBQXwzy6YKnAPlJw4JAQEdiQP/Q9joitf0xM69z6AvkMA0gjumokNccKB7 OQk+wDNpPYz881/BuycJ15Oory1+zIFiFyVJr7S0CYcQsZLFkeAQaGGNFj6PpHQo H6u5QdRLoK1qWLethUSa73edjEYCwpTtVlFnCuPYRVqMtFKSooLXMSS/2SV9H8pL fcdKycT5D9E= =/nEk -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- FAKE: RedHat: Buffer Overflow in "ls" and "mkdir" Hugo van der Kooij (Oct 24)
- Re: FAKE: RedHat: Buffer Overflow in "ls" and "mkdir" Harry Hoffman (Oct 24)
- Re: FAKE: RedHat: Buffer Overflow in "ls" and "mkdir" Andrew Farmer (Oct 24)
- Re: [security] Re: FAKE: RedHat: Buffer Overflow in "ls" and "mkdir" Brett Campbell (Oct 26)
- Re: FAKE: RedHat: Buffer Overflow in "ls" and "mkdir" Vincent Archer (Oct 25)
- Re: FAKE: RedHat: Buffer Overflow in "ls" and "mkdir" Andrew Farmer (Oct 24)
- <Possible follow-ups>
- FAKE: RedHat: Buffer Overflow in "ls" and "mkdir" Feher Tamas (Oct 25)
- Re: FAKE: RedHat: Buffer Overflow in "ls" and "mkdir" Stephen Jimson (Oct 26)
- Re: FAKE: RedHat: Buffer Overflow in "ls" and "mkdir" Harry Hoffman (Oct 24)