From owner-freebsd-chat@FreeBSD.ORG Mon Oct 25 04:13:24 2004 Return-Path: Delivered-To: freebsd-chat@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A838316A4CE for ; Mon, 25 Oct 2004 04:13:24 +0000 (GMT) Received: from stelesys.com (web1.stelesys.com [63.175.100.39]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3EDA943D1D for ; Mon, 25 Oct 2004 04:13:24 +0000 (GMT) (envelope-from jerry@syslog.org) Received: from [127.0.0.1] (helo=www.stelesys.com) by stelesys.com with esmtpa (Exim 4.43 (FreeBSD)) id 1CLwEV-000Hfh-Gw for freebsd-chat@freebsd.org; Mon, 25 Oct 2004 00:13:23 -0400 Received: from 24.98.86.57 (SquirrelMail authenticated user jerry@syslog.org); by www.stelesys.com with HTTP; Mon, 25 Oct 2004 00:13:23 -0400 (EDT) Message-ID: <3744.24.98.86.57.1098677603.squirrel@24.98.86.57> In-Reply-To: References: <200410242157.i9OLvRtV011244@2ens11.uta.edu> Date: Mon, 25 Oct 2004 00:13:23 -0400 (EDT) From: "Jerry Bell" To: freebsd-chat@freebsd.org User-Agent: SquirrelMail/1.4.3a X-Mailer: SquirrelMail/1.4.3a MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal Subject: Re: RedHat: Buffer Overflow in 'ls' and 'mkdir' X-BeenThere: freebsd-chat@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Non technical items related to the community List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 25 Oct 2004 04:13:24 -0000 A healthy bit of skepticism goes a long way. I choked on the first sentence: "Redhat found a vulnerability in fileutils (ls and mkdir), that could allow a remote attacker to execute arbitrary code with root privileges." The word "remote" stands out like a sore thumb to me. Jerry http://www.syslog.org