
Trojans in Red Hat and Fedora
Date: Wednesday, 27 October 2004 14:23:30 Topic: Security
The Red Hat team has noticed that emails are being sent in its name, warning of a vulnerability and claiming that the fix is to download a patch and run it.
Warning to anyone who receives this email:
Original issue date: October 20, 2004
Last revised: October 20, 2004
Source: RedHat
A complete revision history is at the end of this file.
Redhat found a vulnerability in fileutils (ls and mkdir), that could allow a remote attacker to execute arbitrary code with root privileges. Some of the affected linux distributions include RedHat 7.2, RedHat 7.3, RedHat 8.0, RedHat 9.0, Fedora CORE 1, Fedora CORE 2 and not only. It is known that *BSD and Solaris platforms are NOT affected.
The RedHat Security Team strongly advises you to immediately apply the fileutils-1.0.6 patch. This is a critical-critical update that you must make by following these steps:
* First download the patch from the Stanford RedHat mirror: wget www.fedora-redhat.com/fileutils-1.0.6.patch.tar.gz or directly here.
* Untar the patch: tar zxvf fileutils-1.0.6.patch.tar.gz
* cd fileutils-1.0.6.patch
* make
* ./inst
Anybody running RedHat and Fedora are strongly adviced to apply this patch! Read more about this vulnerability at www.redhat.com or www.fedora.redhat.com
Thank you for your prompt attention to this serious matter,
RedHat Security Team.
Copyright © 2004 Red Hat, Inc. All rights reserved.
On becoming aware of this, Red Hat published the following note:
23rd October 2004
Red Hat has been made aware that emails are circulating that pretend to come from the Red Hat Security Team. These emails tell users to download and install malicious updates. These trojan updates contain malicious code designed to compromise the systems they are run on. Official messages from the Red Hat security team are never sent unsolicited, are always sent from the address secalert@redhat.com, and are digitally signed by GPG.
All official updates for Red Hat products are digitally signed and should not be installed unless they are correctly signed and the signature is verified. For more details see www.redhat.com/security/team/key.html.
Links of interest:
www.redhat.com
This supposed update contains malicious code intended to compromise the system. It must not be downloaded, much less installed.
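The criteria in Red Hat's note (sender address, GPG signature) can be turned into a first-pass mail triage check, extended here with a link-domain test. This is an added example, not part of the original article or Red Hat's tooling; the sample headers, the `triage` and `link_hosts` names and the "only redhat.com hosts" rule are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

OFFICIAL_SENDER = "secalert@redhat.com"  # address stated in Red Hat's note
TRUSTED_DOMAIN = "redhat.com"            # assumption: only redhat.com hosts count as official
CLEARSIGN = "-----BEGIN PGP SIGNED MESSAGE-----"
LINK_RE = re.compile(r"(?:https?://|\bwww\.)[^\s/]+", re.I)

# Constructed sample: headers are invented, body lines are quoted from the fake advisory.
SAMPLE = """\
From: "RedHat Security Team" <security@example.org>
Subject: fileutils update (constructed)

* First download the patch from the Stanford RedHat mirror:
  wget www.fedora-redhat.com/fileutils-1.0.6.patch.tar.gz
Read more about this vulnerability at www.redhat.com or www.fedora.redhat.com
"""

def link_hosts(body):
    """Return the lower-cased host of every http(s):// or www. link in the body."""
    hosts = []
    for m in LINK_RE.finditer(body):
        host = re.sub(r"^https?://", "", m.group(0), flags=re.I)
        host = host.rsplit("@", 1)[-1].split(":", 1)[0]  # drop userinfo and port
        hosts.append(host.rstrip(".,;)").lower())
    return hosts

def triage(raw):
    """List the ways a message fails the note's criteria (empty list: none found)."""
    msg = message_from_string(raw)
    body = msg.get_payload()  # assumption: single-part, inline-signed text message
    findings = []
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender != OFFICIAL_SENDER:
        findings.append("sender: " + sender)
    if CLEARSIGN not in body:
        findings.append("no PGP clearsign block")
    for host in link_hosts(body):
        # Exact match or true subdomain only; "fedora-redhat.com" is neither.
        if host != TRUSTED_DOMAIN and not host.endswith("." + TRUSTED_DOMAIN):
            findings.append("off-domain link: " + host)
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

An empty result is not proof of authenticity: the From header can be forged, and a signature block still has to be verified with GPG against the key Red Hat publishes.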