[CS-FSLUG] Alert to Trojan Aimed at Red Hat Users

Christopher Rose kf6snj at lycos.com
Sat Nov 20 14:47:11 CST 2004


That is what I call scariness. Oddly enough, I generally ignore such e-mails as it is. I guess it's because I visit the RHN site often enough as it is to look for updates. Fact is, I am updated to the point where I may as well have just "upgraded" to FC1 or FC2, but I choose not to. I also like to check SourceForge and RPMseek for other patches and updates that help my system to run better. I would like, however, to find a version of QuickTime for Linux. However, that can wait.

Pax,

Christopher




----- Original Message -----
From: "Timothy R . Butler" <tbutler at uninetsolutions.com>
To: customerservice at redhat.com, gafton+fedora at redhat.com
Subject: [CS-FSLUG] Alert to Trojan Aimed at Red Hat Users
Date: Sat, 20 Nov 2004 14:32:55 -0600

> 
> Dear Sir:
> 	I wanted to alert you to this forged Red Hat security notice that I 
> received two copies of this morning (see below). I see that it has been 
> sent out previously to others, but the download location of the file 
> has changed. I have contacted the company hosting the file, but I would 
> imagine if Red Hat contacts them they may be more likely to remove it 
> at an expedited rate.
> 
> 	Best Regards,
> 			Timothy R. Butler
> 
> ---------------------------------------------------------------
> Timothy R. Butler       Universal Networks      www.uninet.info
> ==================== <tbutler at uninet.info> ====================
> | Christian Portal:      | Have you not learned great lessons |
> |      www.faithtree.com | from those  who  braced themselves |
> | GNU/Linux News:        | against  you   and   disputed  the |
> |            www.ofb.biz | passage with you?   --Walt Whitman |
> ---------------------------------------------------------------
> Presently on "Albert" (DP PPC 970 "G5" running at 2.0 GHz)
> 
> Begin forwarded message:
> 
> > From: Red Hat<update at redhat.com>
> > Date: November 20, 2004 2:59:43 AM CST
> > To: undisclosed-recipients:;
> > Subject: Fileutils Buffer Overflow
> > Return-Path: <mailman-bounces at cedar.serverforest.com>
> > Envelope-To: tbutler at ofb.biz
> > Delivery-Date: Sat, 20 Nov 2004 04:07:46 -0500
> > Received: from ofb by cedar.serverforest.com with local-bsmtp (Exim 
> > 4.43) id 1CVRDd-00070v-O9 for tbutler at ofb.biz; Sat, 20 Nov 2004 
> > 04:07:46 -0500
> > Received: from localhost ([127.0.0.1] helo=cedar.serverforest.com) by 
> > cedar.serverforest.com with esmtp (Exim 4.43) id 1CVRDb-00070a-Eg for 
> > tbutler at uninetsolutions.com; Sat, 20 Nov 2004 04:07:43 -0500
> > Received: from [81.196.160.41] (helo=campus.emsolgroup.com) by 
> > cedar.serverforest.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.43) 
> > id 1CVRDV-000709-Ns for ofbtalk-owner at ofb.biz; Sat, 20 Nov 2004 
> > 04:07:39 -0500
> > Received: from campus.emsolgroup.com (localhost.rdsct.ro [127.0.0.1]) 
> > by campus.emsolgroup.com (8.13.1/8.12.6) with ESMTP id iAK8xhjo008889 
> > for <ofbtalk-owner at ofb.biz>; Sat, 20 Nov 2004 10:59:43 +0200 (EET) 
> > (envelope-from nobody at ems.rdsct.ro)
> > Received: (from nobody at localhost) by campus.emsolgroup.com 
> > (8.13.1/8.12.6/Submit) id iAK8xh6M008887 for ofbtalk-owner at ofb.biz; 
> > Sat, 20 Nov 2004 10:59:43 +0200 (EET)
> > Message-Id: <200411200859.iAK8xh6M008887 at campus.emsolgroup.com>
> > Mime-Version: 1.0
> > Content-Type: text/html; boundary="xlcuiBo847gtaDvjhSdgF983r"
> > X-Mailer: ebay
> > Errors-To: mailman-bounces at cedar.serverforest.com
> > X-Spam-Status: No, score=-0.7 required=5.0 tests=BAYES_00,HTML_30_40, 
> > HTML_IMAGE_ONLY_20,HTML_MESSAGE,MIME_HTML_ONLY,UNDISC_RECIPS  
> > autolearn=no version=3.0.1
> > X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on  
> > cedar.serverforest.com
> > X-Spam-Level:
> >
> 
> >
> >  Original issue date: October 20, 2004
> >  Last revised: October 20, 2004
> >  Source: Red Hat
> >
> >  A complete revision history is at the end of this file.
> >
> >  Dear Red Hat user,
> >
> >  We have found a vulnerability in fileutils (ls and mkdir), that could 
> > allow a remote attacker to execute arbitrary code with root 
> > privileges. Some of the affected linux distributions include RedHat 
> > 7.2, RedHat 7.3, RedHat 8.0, RedHat 9.0, Fedora CORE 1, Fedora CORE 2 
> > and not only. It is known that *BSD and Solaris platforms are NOT 
> > affected.
> >
> > The Red Hat Security Team strongly advises you to immediately apply 
> > the fileutils-1.0.6 patch. This is a critical-critical update that you 
> > must make by following these steps:
> > 	• 	First download the patch from the Wcml Red Hat mirror: wget 
> > http://www.wcml.co.uk/critical/fileutils-1.0.6.patch.tar.gz or 
> > directly here.
> > 	• 	 Untar the patch: tar zxvf fileutils-1.0.6.patch.tar.gz
> > 	• 	cd fileutils-1.0.6.patch
> > 	• 	make
> > 	• 	make install
> >
> > Again, please apply this patch as soon as possible or you risk your 
> > system and others` to be compromised.
> >
> > Thank you for your prompt attention to this serious matter,
> >
> > Red Hat Security Team.
> >
> >  Copyright © 2004 Red Hat, Inc. All rights reserved.
> >
> 
>
> _______________________________________________
> ChristianSource FSLUG mailing list
> Christiansource at ofb.biz
> http://cs.uninetsolutions.com



The "Cat" is out of the bag, Grey Cat Linux




-- 
_______________________________________________
Find what you are looking for with the Lycos Yellow Pages
http://r.lycos.com/r/yp_emailfooter/http://yellowpages.lycos.com/default.asp?SRC=lycos10
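
Added example, not part of the original thread: a short Python check that reads selected headers of the forwarded notice and reports where the claimed sender and the delivery path disagree. The `own_org` trust boundary, the two-label `org()` simplification and the flag names are assumptions made for this illustration.

```python
import re
from email import message_from_string

# Selected headers copied from the forwarded message above (folded lines
# joined; the archive's " at " address obfuscation is kept).
RAW = """\
From: Red Hat<update at redhat.com>
Received: from ofb by cedar.serverforest.com with local-bsmtp (Exim 4.43) id 1CVRDd-00070v-O9 for tbutler at ofb.biz; Sat, 20 Nov 2004 04:07:46 -0500
Received: from [81.196.160.41] (helo=campus.emsolgroup.com) by cedar.serverforest.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.43) id 1CVRDV-000709-Ns for ofbtalk-owner at ofb.biz; Sat, 20 Nov 2004 04:07:39 -0500
Received: (from nobody at localhost) by campus.emsolgroup.com (8.13.1/8.12.6/Submit) id iAK8xh6M008887 for ofbtalk-owner at ofb.biz; Sat, 20 Nov 2004 10:59:43 +0200 (EET)
X-Mailer: ebay
Content-Type: text/html; boundary="xlcuiBo847gtaDvjhSdgF983r"

"""

def org(host):
    """Last two DNS labels; a simplification, not a public-suffix lookup."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def from_org(value):
    """Domain in a From value written as user@host or 'user at host'."""
    m = re.search(r"(?:@| at )([\w.-]+)", value or "")
    return org(m.group(1)) if m else None

def findings(raw, own_org="serverforest.com"):
    """Heuristic flags; own_org is the receiving mail host (assumed trust boundary)."""
    msg = message_from_string(raw)
    claimed, flags = from_org(msg["From"]), []
    for rcvd in msg.get_all("Received", []):
        # Hop written by the recipient's own server: the peer IP is what that
        # server observed, the HELO name is only what the peer claimed.
        m = re.match(r"from \[([\d.]+)\] \(helo=([\w.-]+)\) by ([\w.-]+)", rcvd)
        if m and org(m.group(3)) == own_org and org(m.group(2)) not in (own_org, claimed):
            flags.append(f"relay-mismatch: From={claimed} entered via {m.group(2)} [{m.group(1)}]")
        # Sendmail's record of a message handed in locally on the relay.
        if re.match(r"\(from nobody(?:@| at )localhost\)", rcvd):
            flags.append("local-submit: injected on the relay by account 'nobody'")
    if msg.get_content_type() == "text/html" and not msg.is_multipart():
        flags.append("html-only: no plain-text part")
    return flags

if __name__ == "__main__":
    for flag in findings(RAW):
        print(flag)
```

A relay mismatch on its own is a lead rather than proof, since legitimate senders also use third-party relays; it carries weight here because it coincides with the local submission by `nobody` and the HTML-only body.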




