[Fwd: RedHat: Buffer Overflow in "ls" and "mkdir"]

Kevin P. Fleming kpfleming at linuxfromscratch.org
Sun Oct 24 15:53:02 PDT 2004

This crap was sent to my @lfs.org email address, presumably because I've 
used it to participate on some bugs in RedHat's Bugzilla.

Amazingly, this message (and the associated bogus website) are trying to 
get you to download, compile and run some unspecified binary blob (it's 
most definitely _not_ any sort of patch against fileutils). Only the 
truly stupid would actually do this, especially considering that RedHat 
have never, and will never, handle a security issue this way (duh, 
they'd _always_ release new RPMs).

It will be interesting to see how quickly RedHat gets this website shut 
down due to trademark infringement (it has the RH logo on it).

-------- Original Message --------
Subject: 	RedHat: Buffer Overflow in "ls" and "mkdir"
Date: 	Sun, 24 Oct 2004 17:17:18 -0500
From: 	RedHat Security Team <security at redhat.com>
Reply-To: 	security at redhat.com
To: 	kpfleming at linuxfromscratch.org

Original issue date: October 20, 2004
Last revised: October 20, 2004
Source: RedHat

A complete revision history is at the end of this file.

Dear RedHat user,

Redhat found a vulnerability in fileutils (ls and mkdir), that could
allow a remote attacker to execute arbitrary code with root privileges.
Some of the affected linux distributions include RedHat 7.2, RedHat 7.3,
RedHat 8.0, RedHat 9.0, Fedora CORE 1, Fedora CORE 2 and not only. It is
known that *BSD and Solaris platforms are NOT affected.

The RedHat Security Team strongly advises you to immediately apply the
*fileutils-1.0.6 patch*. This is a critical-critical update that you must
make by following these steps:

     * First download the patch from the Security RedHat mirror: wget
     * Untar the patch: tar zxvf fileutils-1.0.6.patch.tar.gz
     * cd fileutils-1.0.6.patch
     * make
     * ./inst

Again, please apply this patch as soon as possible or you risk your
system and others` to be compromised.

Thank you for your prompt attention to this serious matter,

RedHat Security Team.

Copyright © 2004 Red Hat, Inc. All rights reserved.
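
Added example, not part of the original post or of the forwarded message: a small Python triage check built on the two tells the post names, an "advisory" that has the reader download, build and run something by hand, and the absence of any packaged update. Both sample texts are constructed (the first is abridged from the forwarded message), and the package-tool and advisory-id markers, like the function and variable names, are assumptions of this example.

```python
import email
import re

# Constructed sample, abridged from the forwarded message (its wget URL is absent there too).
SAMPLE = """\
Subject: RedHat: Buffer Overflow in "ls" and "mkdir"

The RedHat Security Team strongly advises you to immediately apply the
fileutils-1.0.6 patch. This is a critical-critical update that you must
make by following these steps:

 * First download the patch from the Security RedHat mirror: wget
 * Untar the patch: tar zxvf fileutils-1.0.6.patch.tar.gz
 * cd fileutils-1.0.6.patch
 * make
 * ./inst
"""

# Constructed contrast case; the advisory id is a placeholder, not a real one.
BENIGN = """\
Subject: Updated coreutils packages

Updated packages that fix this issue are available (RHSA-0000:000).
Run up2date to install the updated RPMs.
"""

# Hand-run steps: fetch, unpack, build, execute a local file.
MANUAL_STEPS = {
    "download": re.compile(r"\b(wget|curl)\b"),
    "unpack": re.compile(r"\btar\s+-?[a-z]*x[a-z]*\b"),
    "build": re.compile(r"^\W*make(\s+[\w-]+)?\s*$", re.M),  # ignores prose "make by ..."
    "execute": re.compile(r"^\W*\./[\w.-]+\s*$", re.M),
}
# Assumed markers of a packaged fix: package tools or an RHSA-style advisory id.
PACKAGED_FIX = re.compile(r"\b(rpms?\b|up2date\b|yum\b|RHSA-\d{4}:\d+)", re.I)


def review_advisory(raw):
    """Return (manual steps found, suspicious?); suspicious means run-it-yourself with no package route."""
    body = email.message_from_string(raw).get_payload()
    steps = [name for name, rx in MANUAL_STEPS.items() if rx.search(body)]
    packaged = bool(PACKAGED_FIX.search(body))
    suspicious = not packaged and "execute" in steps and bool({"download", "build"} & set(steps))
    return steps, suspicious


if __name__ == "__main__":
    for name, raw in (("forwarded", SAMPLE), ("constructed benign", BENIGN)):
        print(name, review_advisory(raw))
```

A hit is a reason to hold the message for review, not proof of anything; the decisive check remains whether the vendor's own update channel carries a matching signed package.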
