1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Flaw in Linux kernel allows attack

Discussion in 'News' started by SimonV, Dec 2, 2003.

  1. SimonV

    SimonV Petabyte Poster Administrator

    6,616
    151
    228
    [​IMG]<font size="3">Flaw in Linux kernel allows attack</font>

    The Debian Project warned on Monday that a flaw in the Linux kernel helped attackers compromise four of the open-source software project's development servers. During several intrusions Nov. 19, the flaw enabled an attacker who already had access to a server to remove the limitations that protected the system from everyday users. The technique is known as a privilege escalation.

    Members of the development team found the flaw in September and fixed the latest version of the core Linux software, or kernel. The fix came a bit late, however. The latest version of the kernel, 2.4.23, was released Friday, eight days after the Debian breach. The Debian Project, which uses only truly open-source software in its make-up, stressed that the breaches hadn't affected the project's code base.

    "Fortunately, we require developers to sign the upload (software) digitally," said Martin Schulze, a developer and member of the project. "These files are stored off-site as well, which were used as a basis for a recheck." The development team promised to lock all developer accounts until the flaw had been found and fixed. The team published patches for the flaw on Monday as well but didn't specify when the accounts would be unlocked.

    News source: c|net
     
    Certifications: MOS Master 2003, CompTIA A+, MCSA:M, MCSE
    WIP: Keeping CF Alive...
porta2_tags:

Comments

    1. Sandy
      Sandy
      So it is not just MS who have problems :!:

    Share This Page