From owner-freebsd-chat@FreeBSD.ORG Sun Oct 24 23:14:41 2004 Return-Path: Delivered-To: freebsd-chat@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7AE5316A4CE for ; Sun, 24 Oct 2004 23:14:41 +0000 (GMT) Received: from obsecurity.dyndns.org (CPE0050040655c8-CM00111ae02aac.cpe.net.cable.rogers.com [69.194.102.143]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5032643D1F for ; Sun, 24 Oct 2004 23:14:40 +0000 (GMT) (envelope-from kris@obsecurity.org) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id 31E1A52C13; Sun, 24 Oct 2004 16:15:12 -0700 (PDT) Date: Sun, 24 Oct 2004 16:15:12 -0700 From: Kris Kennaway To: RedHat Security Team Message-ID: <20041024231512.GA1978@xor.obsecurity.org> References: <200410242157.i9OLvRtV011244@2ens11.uta.edu> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="r5Pyd7+fXNt84Ff3" Content-Disposition: inline In-Reply-To: <200410242157.i9OLvRtV011244@2ens11.uta.edu> User-Agent: Mutt/1.4.2.1i cc: freebsd-chat@freebsd.org Subject: Re: RedHat: Buffer Overflow in "ls" and "mkdir" X-BeenThere: freebsd-chat@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Non technical items related to the community List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 24 Oct 2004 23:14:41 -0000 --r5Pyd7+fXNt84Ff3 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Oct 24, 2004 at 04:57:27PM -0500, RedHat Security Team wrote: >=20 > [logo_rh_home.png] >=20 > Original issue date: October 20, 2004 > Last revised: October 20, 2004 > Source: RedHat >=20 > A complete revision history is at the end of this file. >=20 > Dear RedHat user, >=20 > Redhat found a vulnerability in fileutils (ls and mkdir), that could > allow a remote attacker to execute arbitrary code with root > privileges. Some of the affected linux distributions include RedHat > 7.2, RedHat 7.3, RedHat 8.0, RedHat 9.0, Fedora CORE 1, Fedora CORE 2 > and not only. It is known that *BSD and Solaris platforms are NOT > affected. >=20 > The RedHat Security Team strongly advises you to immediately apply the > fileutils-1.0.6 patch. This is a critical-critical update that you > must make by following these steps: > * First download the patch from the Security RedHat mirror: wget > www.fedora-redhat.com/fileutils-1.0.6.patch.tar.gz Domain Name.......... fedora-redhat.com Creation Date........ 2004-10-24 Registration Date.... 2004-10-24 Expiry Date.......... 2005-10-24 Organisation Name.... Raymond Jackson Organisation Address. 224 Cedar Avenue Organisation Address. Organisation Address. New York Organisation Address. 95301 Organisation Address. NY Organisation Address. UNITED STATES Admin Name........... Raymond Jackson Admin Address........ 224 Cedar Avenue Admin Address........ Admin Address........ New York Admin Address........ 95301 Admin Address........ NY Admin Address........ UNITED STATES Admin Email.......... rayjackson23@yahoo.com Admin Phone.......... +1.2098994533 Admin Fax............ Tech Name............ YahooDomains TechContact Tech Address......... 701 First Ave. Tech Address......... Tech Address......... Sunnyvale Tech Address......... 94089 Tech Address......... CA Tech Address......... UNITED STATES Tech Email........... domain.tech@YAHOO-INC.COM Tech Phone........... +1.6198813096 Tech Fax............. +1.6198813010 Name Server.......... yns1.yahoo.com Name Server.......... yns2.yahoo.com whitepages.com says: Jackson, Raymond 224 Cedar Ave Atwater, CA 95301-4454 (209) 358-8510 Kris --r5Pyd7+fXNt84Ff3 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (FreeBSD) iD8DBQFBfDd/Wry0BWjoQKURAmceAKDNIKAcRhJgQE5YKyhPl+8t1Cs9rgCfV42B YpQ/+ZminSTspTO4S1mGJqE= =j6Gh -----END PGP SIGNATURE----- --r5Pyd7+fXNt84Ff3--