RedHat: Buffer Overflow in "ls" and "mkdir"

Kris Kennaway kris at obsecurity.org
Sun Oct 24 16:14:41 PDT 2004 

On Sun, Oct 24, 2004 at 04:57:27PM -0500, RedHat Security Team wrote:
> 
>    [logo_rh_home.png]
> 
>    Original issue date: October 20, 2004
>    Last revised: October 20, 2004
>    Source: RedHat
> 
>    A complete revision history is at the end of this file.
> 
>    Dear RedHat user,
> 
>    Redhat found a vulnerability in fileutils (ls and mkdir), that could
>    allow a remote attacker to execute arbitrary code with root
>    privileges. Some of the affected linux distributions include RedHat
>    7.2, RedHat 7.3, RedHat 8.0, RedHat 9.0, Fedora CORE 1, Fedora CORE 2
>    and not only. It is known that *BSD and Solaris platforms are NOT
>    affected.
> 
>    The RedHat Security Team strongly advises you to immediately apply the
>    fileutils-1.0.6 patch. This is a critical-critical update that you
>    must make by following these steps:
>      * First download the patch from the Security RedHat mirror: wget
>        www.fedora-redhat.com/fileutils-1.0.6.patch.tar.gz

Domain Name.......... fedora-redhat.com
  Creation Date........ 2004-10-24
  Registration Date.... 2004-10-24
  Expiry Date.......... 2005-10-24
  Organisation Name.... Raymond Jackson
  Organisation Address. 224 Cedar Avenue
  Organisation Address.
  Organisation Address. New York
  Organisation Address. 95301
  Organisation Address. NY
  Organisation Address. UNITED STATES

Admin Name........... Raymond Jackson
  Admin Address........ 224 Cedar Avenue
  Admin Address........
  Admin Address........ New York
  Admin Address........ 95301
  Admin Address........ NY
  Admin Address........ UNITED STATES
  Admin Email.......... rayjackson23 at yahoo.com
  Admin Phone.......... +1.2098994533
  Admin Fax............

Tech Name............ YahooDomains TechContact
  Tech Address......... 701 First Ave.
  Tech Address.........
  Tech Address......... Sunnyvale
  Tech Address......... 94089
  Tech Address......... CA
  Tech Address......... UNITED STATES
  Tech Email........... domain.tech at YAHOO-INC.COM
  Tech Phone........... +1.6198813096
  Tech Fax............. +1.6198813010
  Name Server.......... yns1.yahoo.com
  Name Server.......... yns2.yahoo.com

whitepages.com says:

Jackson, Raymond
224 Cedar Ave
Atwater, CA 95301-4454
(209) 358-8510

Kris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-chat/attachments/20041024/e56fc758/attachment.bin

More information about the freebsd-chat mailing list