[CS-FSLUG] Alert to Trojan Aimed at Red Hat Users
Christopher Rose
kf6snj at lycos.com
Sat Nov 20 14:47:11 CST 2004
That is what I call scariness. Oddly enough, I generally ignore such e-mails as it is. I guess it because I visit the RHN site often enough as it is to look for updates. Fact is, I am updated to the point where I may as well have just "upgraded" to FC1 or FC2, but I choose not to. I also like to check sourceforge and RPMseek for other patches and updates that help my system to run better. I would like, however, to find a version of quicktime for linux. However, that can wait.
Pax,
Christopher
----- Original Message -----
From: "Timothy R . Butler" <tbutler at uninetsolutions.com>
To: customerservice at redhat.com, gafton+fedora at redhat.com
Subject: [CS-FSLUG] Alert to Trojan Aimed at Red Hat Users
Date: Sat, 20 Nov 2004 14:32:55 -0600
>
> Dear Sir:
> I wanted to alert you to this forged Red Hat security notice that I
> received two copies of this morning (see below). I see that it has been
> sent out previously to others, but the download location of the file
> has changed. I have contacted the company hosting the file, but I would
> imagine if Red Hat contacts them they may be more likely to remove it
> at an expedited rate.
>
> Best Regards,
> Timothy R. Butler
>
> ---------------------------------------------------------------
> Timothy R. Butler Universal Networks www.uninet.info
> ==================== <tbutler at uninet.info> ====================
> | Christian Portal: | Have you not learned great lessons |
> | www.faithtree.com | from those who braced themselves |
> | GNU/Linux News: | against you and disputed the |
> | www.ofb.biz | passage with you? --Walt Whitman |
> ---------------------------------------------------------------
> Presently on "Albert" (DP PPC 970 "G5" running at 2.0 GHz)
>
> Begin forwarded message:
>
> > From: Red Hat<update at redhat.com>
> > Date: November 20, 2004 2:59:43 AM CST
> > To: undisclosed-recipients:;
> > Subject: Fileutils Buffer Overflow
> > Return-Path: <mailman-bounces at cedar.serverforest.com>
> > Envelope-To: tbutler at ofb.biz
> > Delivery-Date: Sat, 20 Nov 2004 04:07:46 -0500
> > Received: from ofb by cedar.serverforest.com with local-bsmtp (Exim
> > 4.43) id 1CVRDd-00070v-O9 for tbutler at ofb.biz; Sat, 20 Nov 2004
> > 04:07:46 -0500
> > Received: from localhost ([127.0.0.1] helo=cedar.serverforest.com) by
> > cedar.serverforest.com with esmtp (Exim 4.43) id 1CVRDb-00070a-Eg for
> > tbutler at uninetsolutions.com; Sat, 20 Nov 2004 04:07:43 -0500
> > Received: from [81.196.160.41] (helo=campus.emsolgroup.com) by
> > cedar.serverforest.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.43)
> > id 1CVRDV-000709-Ns for ofbtalk-owner at ofb.biz; Sat, 20 Nov 2004
> > 04:07:39 -0500
> > Received: from campus.emsolgroup.com (localhost.rdsct.ro [127.0.0.1])
> > by campus.emsolgroup.com (8.13.1/8.12.6) with ESMTP id iAK8xhjo008889
> > for <ofbtalk-owner at ofb.biz>; Sat, 20 Nov 2004 10:59:43 +0200 (EET)
> > (envelope-from nobody at ems.rdsct.ro)
> > Received: (from nobody at localhost) by campus.emsolgroup.com
> > (8.13.1/8.12.6/Submit) id iAK8xh6M008887 for ofbtalk-owner at ofb.biz;
> > Sat, 20 Nov 2004 10:59:43 +0200 (EET)
> > Message-Id: <200411200859.iAK8xh6M008887 at campus.emsolgroup.com>
> > Mime-Version: 1.0
> > Content-Type: text/html; boundary="xlcuiBo847gtaDvjhSdgF983r"
> > X-Mailer: ebay
> > Errors-To: mailman-bounces at cedar.serverforest.com
> > X-Spam-Status: No, score=-0.7 required=5.0 tests=BAYES_00,HTML_30_40,
> > HTML_IMAGE_ONLY_20,HTML_MESSAGE,MIME_HTML_ONLY,UNDISC_RECIPS
> > autolearn=no version=3.0.1
> > X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on
> > cedar.serverforest.com
> > X-Spam-Level:
> >
>
<< logo_rh_home.png >>
>
>
> >
> > Original issue date: October 20, 2004
> > Last revised: October 20, 2004
> > Source: Red Hat
> >
> > A complete revision history is at the end of this file.
> >
> > Dear Red Hat user,
> >
> > We have found a vulnerability in fileutils (ls and mkdir), that could
> > allow a remote attacker to execute arbitrary code with root
> > privileges. Some of the affected linux distributions include RedHat
> > 7.2, RedHat 7.3, RedHat 8.0, RedHat 9.0, Fedora CORE 1, Fedora CORE 2
> > and not only. It is known that *BSD and Solaris platforms are NOT
> > affected.
> >
> > The Red Hat Security Team strongly advises you to immediately apply
> > the fileutils-1.0.6 patch. This is a critical-critical update that you
> > must make by following these steps:
> > • First download the patch from the Wcml Red Hat mirror: wget
> > http://www.wcml.co.uk/critical/fileutils-1.0.6.patch.tar.gz or
> > directly here.
> > • Untar the patch: tar zxvf fileutils-1.0.6.patch.tar.gz
> > • cd fileutils-1.0.6.patch
> > • make
> > • make install
> >
> > Again, please apply this patch as soon as possible or you risk your
> > system and others` to be compromised.
> >
> > Thank you for your prompt attention to this serious matter,
> >
> > Red Hat Security Team.
> >
> > Copyright © 2004 Red Hat, Inc. All rights reserved.
> >
>
>
>
>
> _______________________________________________
> ChristianSource FSLUG mailing list
> Christiansource at ofb.biz
> http://cs.uninetsolutions.com
The "Cat" is out of the bag, Grey Cat Linux
<center><a href="http://www.greycatlinux.myweb.nl"><img src="http://www.greycatlinux.myweb.nl/mini.jpg"> <border="0" width="88" height="31"></img></a></p>
--
_______________________________________________
Find what you are looking for with the Lycos Yellow Pages
http://r.lycos.com/r/yp_emailfooter/http://yellowpages.lycos.com/default.asp?SRC=lycos10
More information about the Christiansource
mailing list