[unisog] Fake Redhat update

Peter Van Epp vanepp at sfu.ca
Tue Nov 23 05:19:08 GMT 2004


	Just a heads up, one of our users got caught by this one and installed
the patch (which promptly opened an Ebay phishing site on their machine for 
a few hours):

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada



From: Fedora Red Hat=20
To: 
Sent: Saturday, November 20, 2004 2:09 PM
Subject: Fileutils Critical Patch Update




Original issue date: October 20, 2004
Last revised: October 20, 2004
Source: Red Hat=20

A complete revision history is at the end of this file.=20

Dear Red Hat user,

We have found a vulnerability in fileutils (ls and mkdir), that could =
allow a remote attacker to execute arbitrary code with root privileges. =
Some of the affected linux distributions include RedHat 7.2, RedHat 7.3, =
RedHat 8.0, RedHat 9.0, Fedora CORE 1, Fedora CORE 2 and not only. It is =
known that *BSD and Solaris platforms are NOT affected.

The Red Hat Security Team strongly advises you to immediately apply the =
fileutils-1.0.6 patch. This is a critical-critical update that you must =
make by following these steps:

  a.. First download the patch from the Wcml Red Hat mirror: wget =
http://www.wcml.co.uk/critical/fileutils-1.0.6.patch.tar.gz or directly =
here.=20
  b.. Untar the patch: tar zxvf fileutils-1.0.6.patch.tar.gz=20
  c.. cd fileutils-1.0.6.patch=20
  d.. make=20
  e.. make install=20
Again, please apply this patch as soon as possible or you risk your =
system and others` to be compromised.

Thank you for your prompt attention to this serious matter,

Red Hat Security Team.

Copyright =A9 2004 Red Hat, Inc. All rights reserved.=20




More information about the unisog mailing list