Date: Mon, 25 Oct 2004 06:50:35 -0400 From: Don Tyson <tyson@stanfordalumni.org> To: Matt Navarre <mnavarre@cox.net> Cc: freebsd-questions@freebsd.org Subject: Re: RedHat: Buffer Overflow in "ls" and "mkdir" Message-ID: <E1CM2Qu-0002Mh-00@pop-a065d01.pas.sa.earthlink.net> In-Reply-To: Your message of "Mon, 25 Oct 2004 00:23:15 PDT." <200410250023.15969.mnavarre@cox.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Monday 25 October 2004 12:07, Dave Horsfall wrote: > > On Sun, 24 Oct 2004, Matt Navarre wrote: > > > Isn't linux_base based on RedHat? There are ls and mkdir binaries in > > > /usr/compat/linux/bin, I suppose those could be affected by this. > > > > Over on Full-Disclosure they reckon it's a trojan, as it's unsigned and > > not in the usual format for such announcements. > > > Yeah, it is. http://www.redhat.com/security/ Actuallly, it's not. According to the RedHat page you cite above, security alerts are sent by: secalert@redhat.com The From: line in the bogus message is: From: RedHat Security Team <security@redhat.com> Apparently, the sender couldn't be bothered to get it right. Don
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E1CM2Qu-0002Mh-00>