Advertisement
Promo

Security threats Toolkit

Linux flaw allows local attacks

Stephen Shankland, CNET News.com CNET News

Published: 20 Mar 2003 12:03 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Programmers disclosed a security hole this week in a part of the heart of the Linux operating system that could let users of a machine take it over even if they don't have privileges to do so.

The vulnerability affects both the 2.2 and 2.4 series of Linux kernels, said Alan Cox, one of the key deputies of Linux founder Linus Torvalds in the Linux programming community. Those kernels are at the centre of several Linux products released recently from companies such as Red Hat and SuSE.

The problem could let "local" computer users -- those with permission to log on to a machine -- to gain "root" access and take complete control of the machine, Cox said. Such local vulnerabilities are considered less severe than remote ones that let attackers over a network take over a machine even if they don't have a basic user account on it.

The problem affected the "ptrace" component of Linux, which is used to help find bugs in software.

Cox and Linux distributor Red Hat both submitted patches to fix the problem on Monday.

A recent spate of security problems have cropped up in several open-source programs. Earlier this week, programmers disclosed a vulnerability in the Samba package used to share files between Windows, Linux and Unix systems that could let attackers across a network take over a computer. In addition, a recent problem in the open-source Sendmail email server software opened up the possibility of network-based attacks.

For all your GNU/Linux and open source news, from the latest kernel releases to the newest distributions, see ZDNet UK's Linux News Section.

Let the editors know what you think in the Mailroom.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
73 out of 141 people found this useful


In association with Network Liberation Movement

Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:








Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

DNA details of innocent will be kept f...

The government has announced that it plans to keep innocent people's DNA details for up to six years. In response to a consultation it launched last December, the government said... More

5 comments

Motorola Droid Drops Today: Happy Droi...

Motorola Droid Drops Today: Happy Droid Day America! Author: Eric Everson, Mobile Security Expert If you’re wondering what all of the buzz is about with words like Droid and Android... More

Post a comment

Mobile Security Profile: BlackBerry St...

Mobile Security Profile: BlackBerry Storm2 Author: Eric Everson BlackBerry handsets are a staple of office culture; from syncing calendars to sharing business-related data,... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters