mailing list archives
FAKE: RedHat: Buffer Overflow in "ls" and "mkdir"
From: Hugo van der Kooij <hvdkooij () vanderkooij org>
Date: Mon, 25 Oct 2004 00:59:18 +0200 (CEST)
-----BEGIN PGP SIGNED MESSAGE-----
The message below is currently going around on internet. Being unsinged
was the fist obvious issue. Not pointing to RPM updates, being in a
different format and such were among the other reasong to suspect it.
Message was send from 'University of Texas at Arlington'.
I am sure none of you should be fooled by such a message but other might
And while it lasts you may want to get the file for your own educational
- ---------- Forwarded message ----------
Date: Sun, 24 Oct 2004 17:22:20 -0500
From: RedHat Security Team <security () redhat com>
Subject: RedHat: Buffer Overflow in "ls" and "mkdir"
Original issue date: October 20, 2004
Last revised: October 20, 2004
A complete revision history is at the end of this file.
Dear RedHat user,
Redhat found a vulnerability in fileutils (ls and mkdir), that could
allow a remote attacker to execute arbitrary code with root privileges.
Some of the affected linux distributions include RedHat 7.2, RedHat 7.3,
RedHat 8.0, RedHat 9.0, Fedora CORE 1, Fedora CORE 2 and not only. It is
known that *BSD and Solaris platforms are NOT affected.
The RedHat Security Team strongly advises you to immediately apply the
fileutils-1.0.6 patch. This is a critical-critical update that you must
make by following these steps:
* First download the patch from the Security RedHat mirror: wget
* Untar the patch: tar zxvf fileutils-1.0.6.patch.tar.gz
* cd fileutils-1.0.6.patch
Again, please apply this patch as soon as possible or you risk your
system and others` to be compromised.
Thank you for your prompt attention to this serious matter,
RedHat Security Team.
Copyright (C) 2004 Red Hat, Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
-----END PGP SIGNATURE-----
Full-Disclosure - We believe in it.
- FAKE: RedHat: Buffer Overflow in "ls" and "mkdir" Hugo van der Kooij (Oct 24)