Linux flaw allows local attacks

20 Mar 2003 12:03


A new security bug in the open-source operating system allows local users without privileges to take over a machine

Programmers this week disclosed a security hole in the core of the Linux operating system that could let users of a machine take it over even if they don't have the privileges to do so.

The vulnerability affects both the 2.2 and 2.4 series of Linux kernels, said Alan Cox, one of the key deputies of Linux founder Linus Torvalds in the Linux programming community. Those kernels are at the centre of several Linux products released recently from companies such as Red Hat and SuSE.

The problem could let "local" computer users -- those with permission to log on to a machine -- gain "root" access and take complete control of the machine, Cox said. Such local vulnerabilities are considered less severe than remote ones, which let attackers take over a machine across a network even if they don't have a basic user account on it.

The problem affected the "ptrace" component of Linux, which is used to help find bugs in software.

Cox and Linux distributor Red Hat both submitted patches to fix the problem on Monday.

A recent spate of security problems has cropped up in several open-source programs. Earlier this week, programmers disclosed a vulnerability in the Samba package, used to share files between Windows, Linux and Unix systems, that could let attackers across a network take over a computer. In addition, a recent problem in the open-source Sendmail email server software opened up the possibility of network-based attacks.


Story URL: http://news.zdnet.co.uk/security/0,1000000189,2132228,00.htm