UCE Complaint (Re: UCE Complaint (RHN Errata Alert: Updated KDE packages fix security issue))

Sat Jun 7 08:28:37 UTC 2003

I have received the attached unsolicited e-mail from 
someone at your domain.

I do not wish to receive such messages in the future, so 
please take the appropriate measures to ensure that this 
unsolicited e-mail is not repeated.

From: Martin Konold <martin.konold at erfrakon.de>
Organization: erfrakon
To: kde-www at mail.kde.org
Subject: Re: UCE Complaint (RHN Errata Alert: Updated KDE packages fix security issue)
Date: Sat, 7 Jun 2003 09:51:00 +0200
User-Agent: KMail/1.5.1
References: <BAY5-DAV60CRTYBK1CR00010e46 at hotmail.com>
In-Reply-To: <BAY5-DAV60CRTYBK1CR00010e46 at hotmail.com>
Cc: "Michael" <michaelcose at msn.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-15"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200306070951.00101.martin.konold at erfrakon.de>

Am Samstag, 7. Juni 2003 07:02 schrieb Michael:

> I have received the attached unsolicited e-mail from
> someone at your domain.
>
> I do not wish to receive such messages in the future, so
> please take the appropriate measures to ensure that this
> unsolicited e-mail is not repeated.

How do you get the idea that this UCE was sent via our servers?
I cannot find any kde.org server here.

Regards,
--martin

>
> X-Message-Info: JGTYoYF78jEHjJx36Oi8+Q1OJDRSDidP
> Received: from rhn-mail.rdu.redhat.com ([66.187.232.120]) by
> mc5-f23.law1.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600); Fri, 6 Jun
> 2003 17:26:41 -0700 Received: from admin.rdu-colo.redhat.com
> (nat-pix.rdu-colo.redhat.com [10.255.17.200] (may be forged)) by
> rhn-mail.rdu-colo.redhat.com (8.11.6/8.11.6) with ESMTP id h570Qex21007 for
> <michaelcose at msn.com>; Fri, 6 Jun 2003 20:26:40 -0400 Received: from
> admin.rdu-colo.redhat.com (localhost.localdomain [127.0.0.1]) by
> admin.rdu-colo.redhat.com (8.11.6/8.11.6) with ESMTP id h570Ks917018 for
> <michaelcose at msn.com>; Fri, 6 Jun 2003 20:20:54 -0400 Date: Fri, 6 Jun 2003
> 20:20:54 -0400
> Message-Id: <200306070020.h570Ks917018 at admin.rdu-colo.redhat.com>
> Subject: RHN Errata Alert: Updated KDE packages fix security issue
> Content-Type: TEXT/PLAIN; charset=US-ASCII
> X-RHN-Info: Autogenerated mail for mchaelknowjesus
> X-RHN-Email: <michaelcose at msn.com>
> Precedence: first-class
> Errors-To: rhn-bounce+2391518-2948760 at rhn.redhat.com
> From: Red Hat Network Alert <rhn-admin at rhn.redhat.com>
> To: mchaelknowjesus <michaelcose at msn.com>
> X-RHN-Login: mchaelknowjesus
> Return-Path: rhn-bounce+2391518-2948760 at rhn.redhat.com
> X-OriginalArrivalTime: 07 Jun 2003 00:26:41.0913 (UTC)
> FILETIME=[77D68690:01C32C8B] X-SpamKiller-Read: Y
>
> Red Hat Network has determined that the following advisory is applicable to
> one or more of the systems you have registered:
>
> Complete information about this errata can be found at the following
> location: https://rhn.redhat.com/network/errata/errata_details.pxt?eid=1702
>
> Security Advisory - RHSA-2003:192-07
> ---------------------------------------------------------------------------
>--- Summary:
> Updated KDE packages fix security issue
>
> Updated KDE packages that resolve a vulnerability in KDE's SSL
> implementation are now available.
>
> Description:
> KDE is a graphical desktop environment for the X Window System.
>
> KDE versions 2.2.2 and earlier have a vulnerability in their SSL
> implementation that makes it possible for users of Konqueror and other SSL
> enabled KDE software to fall victim to a man-in-the-middle attack.  Red Hat
> Linux 7.1 and 7.2 shipped with KDE packages that are vulnerable to this
> issue.
>
> Users of KDE should upgrade to these erratum packages, which contain KDE
> 2.2.2 with a backported patch to correct this vulnerability.
>
> References:
> http://www.kde.org/info/security/advisory-20030602-1.txt
> ---------------------------------------------------------------------------
>---
>
> -------------
> Taking Action
> -------------
> You may address the issues outlined in this advisory in two ways:
>
>      - select your server name by clicking on its name from the list
>        available at the following location, and then schedule an
>        errata update for it:
>            https://rhn.redhat.com/network/systemlist/system_list.pxt
>
>      - run the Update Agent on each affected server.
>
>
> ---------------------------------
> Changing Notification Preferences
> ---------------------------------
> To enable/disable your Errata Alert preferences globally please log in to
> RHN and navigate from "Your RHN" / "Your Account" to the "Preferences" tab.
>
>         URL: https://rhn.redhat.com/network/my_account/my_prefs.pxt
>
> You can also enable/disable notification on a per system basis by selecting
> an individual system from the "Systems List". From the individual system
> view click the "Details" tab.
>
>
> ----------------
> Affected Systems
> ----------------
> According to our records, this errata may apply to one or more of the
> systems that you've profiled with Red Hat Network.  To see precisely which
> systems are affected, please go to:
>     https://rhn.redhat.com/network/errata/systems_affected.pxt?eid=1702
>
>
>
> The Red Hat Network Team
>
> This message is being sent by Red Hat Network Alert to:
>     RHN user login:        mchaelknowjesus
>     Email address on file: <michaelcose at msn.com>
>
> If you lost your RHN password, you can use the information above to
> retrieve it by email from the following address:
>     https://rhn.redhat.com/forgot_password.pxt
>
> To cancel these notices, go to:
>     https://rhn.redhat.com/oo.pxt?uid=2391518&oid=2948760
>
>
>
>
> _______________________________________________
> kde-www mailing list
> kde-www at mail.kde.org
> http://mail.kde.org/mailman/listinfo/kde-www

-- 
-- martin

Dipl.-Phys. Martin Konold

e r f r a k o n
Erlewein, Frank, Konold & Partner - Beratende Ingenieure und Physiker
Nobelstrasse 15, 70569 Stuttgart, Germany
fon: 0711 67400963, fax: 0711 67400959
email: martin.konold at erfrakon.de