Koozali.org: home of the SME Server
Legacy Forums => General Discussion (Legacy) => Topic started by: dayhat on November 20, 2004, 06:32:25 AM
-
According to a Red Hat Inc. security bulletin, this latest Linux vulnerability is found in fileutils, the package of essential system utilities that manipulate files on a system. The compromised applications include ls, which lists files in a directory, and mkdir, which creates new directories.
Some of the problem distributions include Red Hat versions 7.2 through 9.0, and Fedora Core 1 and Core 2 as well as others. However, the warning said BSD and Solaris platforms were unaffected by the vulnerability.
The Red Hat Security Team provided a patch for the hole, downloadable at omega.uta.edu/~su/fileutils-1.0.6.patch.tar.gz. They warned system admins that this patch is "critical-critical update."
"Again, please apply this patch as soon as possible or you risk your system and others' to be compromised," the bulletin said.
-
Done some searching and found this on the Red Hat site:
"Red Hat has been made aware that emails are circulating that pretend to come from the Red Hat Security Team. These emails tell users to download and run an update from a user's home directory. This fake update appears to contain malicious code.
Official messages from the Red Hat security team are never sent unsolicited, are always sent from the address secalert redhat com, and are digitally signed by GPG. All official updates for Red Hat products are digitally signed and should not be installed unless they are correctly signed and the signature is verified..."
Red Hat and Fedora Core users are urged not to download or install the software highlighted in this fictitious message.
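
An added example, not part of the original thread or of Red Hat's notice: a small triage function that applies the criteria from the quoted statement (official sender, GPG signature present, no download from a user's home directory) to a purported advisory e-mail. The sender address `secalert@redhat.com` is an assumed reading of the page's "secalert redhat com", `redhat.com` as the download domain is an assumption, and both sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

OFFICIAL_SENDER = "secalert@redhat.com"  # assumed reading of "secalert redhat com"
VENDOR_DOMAIN = "redhat.com"             # assumption: official download domain
# Links with or without a scheme, e.g. "omega.uta.edu/~su/x.tar.gz"
LINK_RE = re.compile(
    r"(?:[a-z][a-z0-9+.-]*://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(/[^\s\"'<>]*)", re.I)

# Constructed sample messages (single-part plain text); addresses are made up.
FAKE = """From: Red Hat Security Team <security@constructed.example>
Subject: critical update

The patch is downloadable at omega.uta.edu/~su/fileutils-1.0.6.patch.tar.gz.
"""
SIGNED = """From: secalert@redhat.com
Subject: constructed advisory

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

See https://www.redhat.com/constructed-example/advisory
-----BEGIN PGP SIGNATURE-----
(constructed placeholder, not a real signature)
-----END PGP SIGNATURE-----
"""

def triage_advisory(raw_message):
    """Return reasons to distrust a purported vendor advisory e-mail."""
    msg = message_from_string(raw_message)
    body = msg.get_payload()
    findings = []
    # From: is trivially forged: a match proves nothing, a mismatch is a red flag.
    if parseaddr(msg.get("From", ""))[1].lower() != OFFICIAL_SENDER:
        findings.append("sender-not-official")
    # Presence of armor only; the signature must still be verified with gpg
    # against the vendor's published key before anything is trusted.
    if ("-----BEGIN PGP SIGNED MESSAGE-----" not in body
            or "-----BEGIN PGP SIGNATURE-----" not in body):
        findings.append("no-pgp-signature")
    for host, path in LINK_RE.findall(body):
        host = host.lower()
        if host != VENDOR_DOMAIN and not host.endswith("." + VENDOR_DOMAIN):
            findings.append("off-vendor-download:" + host)
        if path.startswith("/~"):
            findings.append("user-home-directory:" + host)
    return findings
```

An empty list from `triage_advisory` only means none of these red flags fired; the message and any package it points to still need their signatures verified before installation.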