RedHat: Buffer Overflow in "ls" and "mkdir"
Don Tyson
tyson at stanfordalumni.org
Mon Oct 25 03:50:36 PDT 2004
> On Monday 25 October 2004 12:07, Dave Horsfall wrote:
> > On Sun, 24 Oct 2004, Matt Navarre wrote:
> > > Isn't linux_base based on RedHat? There are ls and mkdir binaries in
> > > /usr/compat/linux/bin, I suppose those could be affected by this.
> >
> > Over on Full-Disclosure they reckon it's a trojan, as it's unsigned and
> > not in the usual format for such announcements.
> >
> Yeah, it is. http://www.redhat.com/security/
Actuallly, it's not. According to the RedHat page you cite above,
security alerts are sent by:
secalert at redhat.com
The From: line in the bogus message is:
From: RedHat Security Team <security at redhat.com>
Apparently, the sender couldn't be bothered to get it right.
Don
More information about the freebsd-questions
mailing list