From owner-freebsd-questions@FreeBSD.ORG Mon Oct 25 10:50:36 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6F1A616A4CE for ; Mon, 25 Oct 2004 10:50:36 +0000 (GMT) Received: from pop-a065d01.pas.sa.earthlink.net (pop-a065d01.pas.sa.earthlink.net [207.217.121.248]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4AAF043D1F for ; Mon, 25 Oct 2004 10:50:36 +0000 (GMT) (envelope-from tyson@stanfordalumni.org) Received: from pool-138-88-200-233.res.east.verizon.net ([138.88.200.233] helo=orange) by pop-a065d01.pas.sa.earthlink.net with esmtp (Exim 3.33 #1) id 1CM2Qu-0002Mh-00; Mon, 25 Oct 2004 03:50:36 -0700 From: Don Tyson To: Matt Navarre In-Reply-To: Your message of "Mon, 25 Oct 2004 00:23:15 PDT." <200410250023.15969.mnavarre@cox.net> Date: Mon, 25 Oct 2004 06:50:35 -0400 Message-Id: cc: freebsd-questions@freebsd.org Subject: Re: RedHat: Buffer Overflow in "ls" and "mkdir" X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 25 Oct 2004 10:50:36 -0000 > On Monday 25 October 2004 12:07, Dave Horsfall wrote: > > On Sun, 24 Oct 2004, Matt Navarre wrote: > > > Isn't linux_base based on RedHat? There are ls and mkdir binaries in > > > /usr/compat/linux/bin, I suppose those could be affected by this. > > > > Over on Full-Disclosure they reckon it's a trojan, as it's unsigned and > > not in the usual format for such announcements. > > > Yeah, it is. http://www.redhat.com/security/ Actuallly, it's not. According to the RedHat page you cite above, security alerts are sent by: secalert@redhat.com The From: line in the bogus message is: From: RedHat Security Team Apparently, the sender couldn't be bothered to get it right. Don