Flaw in Linux kernel allows attack

Discussion in 'News' started by SimonV, Dec 2, 2003.

  1. SimonV
    Honorary Member

    SimonV Petabyte Poster Gold Member

    [​IMG]<font size="3">Flaw in Linux kernel allows attack</font>

    The Debian Project warned on Monday that a flaw in the Linux kernel helped attackers compromise four of the open-source software project's development servers. During several intrusions Nov. 19, the flaw enabled an attacker who already had access to a server to remove the limitations that protected the system from everyday users. The technique is known as a privilege escalation.

    Members of the development team found the flaw in September and fixed the latest version of the core Linux software, or kernel. The fix came a bit late, however. The latest version of the kernel, 2.4.23, was released Friday, eight days after the Debian breach. The Debian Project, which uses only truly open-source software in its make-up, stressed that the breaches hadn't affected the project's code base.

    "Fortunately, we require developers to sign the upload (software) digitally," said Martin Schulze, a developer and member of the project. "These files are stored off-site as well, which were used as a basis for a recheck." The development team promised to lock all developer accounts until the flaw had been found and fixed. The team published patches for the flaw on Monday as well but didn't specify when the accounts would be unlocked.

    News source: c|net
    Certifications: MOS Master 2003, CompTIA A+, MCSA:M, MCSE
    WIP: Keeping CF Alive...


    1. Sandy
      So it is not just MS who have problems :!:

    Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.