Red Hat Inc. sent users a warning today about a fake e-mail that asked users to install a patch for a vulnerability in fileutils (ls and mkidir). The patch was actually a file that could allow a remote attacker to execute arbitrary code with root privileges in some Red Hat Linux distributions.
The attack arrived in the form of phishing scam from the fake e-mail address "firstname.lastname@example.org" and was first spotted late Friday. The heading of the e-mail read "Red Hat: Buffer Overflow in 'ls' and mk'dir'" and contained instructions on how to install a patch that Red Hat said may contain malicious code.
Red Hat said its official security messages are never unsolicited, are only sent from email@example.com and are digitally signed using GNU Privacy Guard keys.
Pete Lindstrom, an analyst at Malvern, Penn.-based Spire Security, said no individual vulnerability is a big deal in and of itself.
"Ultimately these things are found at the pace of 10 a day, some are more of a sign than others," he said. "What matters is if someone picks up on it and writes an exploit and allows folks to compromise [the application]."
Lindstrom said that these vulnerabilities are what security analysts and antivirus companies are always looking out for, and that the "bottom line is every piece of software is vulnerable."
"The fact that Microsoft is alone is silly and the idea that open source can be compromised is only recently being popularly recognized," he said. "If enough people focus on a particular problem they are going to come up with a vulnerability.
"That's true for all software whether it is packaged or open source, Microsoft or not," Lindstrom said.that's true for all software whether it is packaged or open source, Microsoft or not
Let us know what you think about the story; e-mail: Jack Loftus, News Writer