[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] FAKE: RedHat: Buffer Overflow in "ls" and "mkdir"

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] FAKE: RedHat: Buffer Overflow in "ls" and "mkdir"
From: Stephen Jimson <alf1num3rik@xxxxxxxxx>
Date: Tue, 26 Oct 2004 02:57:59 -0700 (PDT)

<snip from the ISC's SANS>
The k-otik folks have an analysis of the bad things
that might happen if you follow the instructions in
the fake RedHat advisory that was reported in
yesterday's diary:

http://www.k-otik.com/news/FakeRedhatPatchAnalysis.txt

<snip>

the source code is also there

Steph


--- Brett Campbell <brett@xxxxxxxxxxxxxxx> wrote:

> On Sun, Oct 24, 2004 at 06:18:41PM -0700, Andrew
> Farmer wrote:
> <snip> 
> > I did a quickie analysis of the program (which is
> basically just 
> > distributed as source!).
> <snip>
> 
> when did you get a hold of the tarball? they must've
> yanked the record
> for www.fedora-redhat.com ... it can't be resolved
> in any way.
> 
> pretty interesting (and pathetic) anyways, nice
> detective work.
> 
> -- 
> [ Brett R. Campbell ]
>  -> Configuration Management / Systems
> Administration
>  -> Collaborative Agent Design Research Center
>  -> California Polytechnic State University, SLO, CA
> 


                
__________________________________
Do you Yahoo!?
Yahoo! Mail Address AutoComplete - You start. We finish.
http://promotions.yahoo.com/new_mail 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: Re: [Full-Disclosure] Q: Linux Command Line Encryption
Next by Date: [Full-Disclosure] SUSE Security Announcement: xpdf, gpdf, kpdf, pdftohtml, cups (SUSE-SA:2004:039)
Previous by thread: [Full-Disclosure] FAKE: RedHat: Buffer Overflow in "ls" and "mkdir"
Next by thread: [Full-Disclosure] STG Security Advisory: [SSA-20041022-08] MoniWiki XSS vulnerability
Index(es):
- Date
- Thread