One of the developers of the original Linux core posted a vulnerability notice Monday with details of a flaw that could allow a local user to assume control of a Linux computer.
Alan Cox, who worked with LinusTorvalds on the software that spawned the Linux operating system, sent an e-mail message to a mailing list for Linux kernel developers detailing a flaw in a debugging component known as ptrace. The flaw affects the Linux 2.2 and Linux 2.4 kernels, and a patch is available at http://www.spinics.net/lists/kernel/msg162986.html
Remote users could not use the flaw to obtain root privileges, or control of individual machines, Cox said in the e-mail. Only users who are already authorized to use a machine on a local network could exploit the flaw. Version 2.5 of Linux was not affected, he said.
Cox's employer, Red Hat, also posted a patch for Red Hat 7.1, 7.2, 7.3, and 8.0 at https://rhn.redhat.com/errata/RHSA-2003-098.html?tag=nl
Sign up to receive Security Resource Alerts
A comprehensive security management solution can help you streamline, as well as grow, your current or evolving business. In this way, a strategic security approach can help you increase your competitiveness in these challenging market conditions.
Download now! »
Find out how you can effectively collect, normalize and archive enterprise-wide, security-related data that is invaluable for security investigation and compliance reporting.
Download now! »
This session focuses on the intersection of role management and identity compliance, and addresses the importance of identity compliance in enterprise governance and the challenges that organizations may face in achieving it.
View now! »
Recommend This
