A security bulletin circulated on the Internet late Friday and warned Linux users of a "critical-critical" security hole that could compromise systems and allow root access to a remote attacker. The message and its "patch" were the return of a phishing hoax aimed at Linux users. . . .
A security bulletin circulated on the Internet late Friday and warned Linux users of a "critical-critical" security hole that could compromise systems and allow root access to a remote attacker. The message and its "patch" were the return of a phishing hoax aimed at Linux users.

According to the fake security bulletin, the vulnerability was found in fileutils, the package of essential system utilities that manipulate files on a system. It warned of problem distributions including Red Hat versions 7.2 through 9.0, and Fedora Core 1 and Core 2 as well as others. However, the warning said BSD and Solaris platforms were unaffected by the vulnerability.

"The security bulletin was sent by an individual with malicious intent and not the Red Hat Security Response Team," said Josh Bressers, team member. "The message instructs the recipient to download and run will install a backdoor Trojan on the victim's system."

"Again, please apply this patch as soon as possible or you risk your system and others' to be compromised," the fake bulletin said. It provided a link to a university archive.

The link for this article located at eweek.com is no longer available.