wats interesting is that this seems to be a modified version of the original mail that was sent out by a person at stanford university http://www.linux.ie/pipermail/ilug/2004-October/019483.html this one seems to have come from utah university Regards, Bijoy. ----- Original Message ----- From: Athul Acharya <aacharya@xxxxxxxxx> Date: Sunday, October 24, 2004 7:54 pm Subject: Re: RedHat: Buffer Overflow in "ls" and "mkdir" > Just incase anyone was under the misimpression that this is for real, > it's not; I see no record of this vuln. elsewhere and whois records > show no affiliation between fedora-redhat.com and redhat.com. Looks > like the Linux equivalent of all those fake MS security warnings. > > Athul > > On Sun, 24 Oct 2004 17:16:21 -0500, RedHat Security Team > <security@xxxxxxxxxx> wrote: > > > > > > > > > > > > > > Original issue date: October 20, 2004 > > Last revised: October 20, 2004 > > Source: RedHat > > > > A complete revision history is at the end of this file. > > > > Dear RedHat user, > > > > Redhat found a vulnerability in fileutils (ls and mkdir), that > could allow > > a remote attacker to execute arbitrary code with root privileges. > Some of > > the affected linux distributions include RedHat 7.2, RedHat 7.3, > RedHat 8.0, > > RedHat 9.0, Fedora CORE 1, Fedora CORE 2 and not only. It is > known that *BSD > > and Solaris platforms are NOT affected. > > > > The RedHat Security Team strongly advises you to immediately > apply the > > fileutils-1.0.6 patch. This is a critical-critical update that > you must > > make by following these steps: > > First download the patch from the Security RedHat mirror: > > wget www.fedora-redhat.com/fileutils-1.0.6.patch.tar.gz > > Untar the patch: > > tar zxvf fileutils-1.0.6.patch.tar.gz > > > > cd fileutils-1.0.6.patch > > > > make > > > > ./inst > > > > Again, please apply this patch as soon as possible or you risk > your system > > and others` to be compromised. > > > > Thank you for your prompt attention to this serious matter, > > > > RedHat Security Team. > > > > Copyright  2004 Red Hat, Inc. All rights reserved. -- > Kernelnewbies: Help > > each other learn about the Linux kernel. Archive: > > http://mail.nl.linux.org/kernelnewbies/ FAQ: > http://kernelnewbies.org/faq/ > -- > Kernelnewbies: Help each other learn about the Linux kernel. > Archive: http://mail.nl.linux.org/kernelnewbies/ > FAQ: http://kernelnewbies.org/faq/ > > -- Kernelnewbies: Help each other learn about the Linux kernel. Archive: http://mail.nl.linux.org/kernelnewbies/ FAQ: http://kernelnewbies.org/faq/
