[NTLUG:Discuss] First Linux patch spoof (or someone in NT screwing with me personally ;-)? -- [Fwd: RedHat: Buffer Overflow in "ls" and "mkdir"]

Bryan J. Smith b.j.smith at ieee.org
Sun Oct 24 17:10:59 CDT 2004 

Anyone else get this (see end of message)?
Came in HTML format.

Also, this message capitalizes "CORE" when it is "Core."
Other, slight Red Hat nomenclature mistakes are also made.

Says it is from "fedora-redhat.com".
Fedora updates come through the Fedora Announce lists.
And I would _always_ use APT/YUM with full signature checking
with signatures already on-file.

E-mail originated from the U of Texas at Arlington (hmmm, close by
to you'all ... this sounds like it might have been a personal e-mail).

--- Header portion ---
Received: from 2ens11.uta.edu (2ens11.uta.edu [129.107.2.122]) by
        hormel8.ieee.org (8.12.10+Sun/8.12.10) with ESMTP id
i9OLhLF4029900 for
        <b.j.smith at ieee.org>; Sun, 24 Oct 2004 17:43:21 -0400 (EDT)
Received: from 2ens11.uta.edu (localhost.localdomain [127.0.0.1]) by
        2ens11.uta.edu (8.12.11/8.12.11) with ESMTP id i9OLhLD4006032
for
        <b.j.smith at ieee.org>; Sun, 24 Oct 2004 16:43:21 -0500
Received: (from apache at localhost) by 2ens11.uta.edu
        (8.12.11/8.12.11/Submit) id i9OLhLpg006030; Sun, 24 Oct 2004
16:43:21 -0500
--- End ---

Didn't know they had any association with Fedora, at least not formally.

Also, the whois tells me this ain't a Red Hat site ...

--- WHOIS output ---

$ whois fedora-redhat.com
[Querying whois.internic.net]
[Redirected to whois.melbourneit.com]
[Querying whois.melbourneit.com]
[whois.melbourneit.com]
 
Domain Name.......... fedora-redhat.com
  Creation Date........ 2004-10-24
  Registration Date.... 2004-10-24
  Expiry Date.......... 2005-10-24
  Organisation Name.... Raymond Jackson
  Organisation Address. 224 Cedar Avenue
  Organisation Address.
  Organisation Address. New York
  Organisation Address. 95301
  Organisation Address. NY
  Organisation Address. UNITED STATES
 
Admin Name........... Raymond Jackson
  Admin Address........ 224 Cedar Avenue
  Admin Address........
  Admin Address........ New York
  Admin Address........ 95301
  Admin Address........ NY
  Admin Address........ UNITED STATES
  Admin Email.......... rayjackson23 at yahoo.com
  Admin Phone.......... +1.2098994533
  Admin Fax............
 
Tech Name............ YahooDomains TechContact
  Tech Address......... 701 First Ave.
  Tech Address.........
  Tech Address......... Sunnyvale
  Tech Address......... 94089
  Tech Address......... CA
  Tech Address......... UNITED STATES
  Tech Email........... domain.tech at YAHOO-INC.COM
  Tech Phone........... +1.6198813096
  Tech Fax............. +1.6198813010
  Name Server.......... yns1.yahoo.com
  Name Server.......... yns2.yahoo.com

--- End ---

Don't know if someone is trying to make a name for themselves.
Anyone know a "Raymond Jackson"?

Given the uta.edu address, I'm wondering if it is someone on this list.
Or someone on this knows his.

BTW, I ain't dumb.  ;-ppp

Anyhoo, here is the message ...


-----Forwarded Message-----
From: RedHat Security Team <security at redhat.com>
To: b.j.smith at ieee.org
Subject: RedHat: Buffer Overflow in "ls" and "mkdir"
Date: Sun, 24 Oct 2004 16:43:21 -0500

Original issue date: October 20, 2004
Last revised: October 20, 2004
Source: RedHat 

A complete revision history is at the end of this file. 

Dear RedHat user,

Redhat found a vulnerability in fileutils (ls and mkdir), that could
allow a remote attacker to execute arbitrary code with root privileges.
Some of the affected linux distributions include RedHat 7.2, RedHat 7.3,
RedHat 8.0, RedHat 9.0, Fedora CORE 1, Fedora CORE 2 and not only. It is
known that *BSD and Solaris platforms are NOT affected.

The RedHat Security Team strongly advises you to immediately apply the
fileutils-1.0.6 patch. This is a critical-critical update that you must
make by following these steps:

      * First download the patch from the Security RedHat mirror: wget
        www.fedora-redhat.com/fileutils-1.0.6.patch.tar.gz
      * Untar the patch: tar zxvf fileutils-1.0.6.patch.tar.gz
      * cd fileutils-1.0.6.patch
      * make
      * ./inst
Again, please apply this patch as soon as possible or you risk your
system and others` to be compromised.

Thank you for your prompt attention to this serious matter,

RedHat Security Team.

Copyright © 2004 Red Hat, Inc. All rights reserved.

More information about the Discuss mailing list