Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Fault found at Linux core

Dec 5, 2003 1:36AM PST

By Mark Street [05-12-2003]
Critical vulnerability allows full root access

Linux users have been advised to upgrade to the latest stable kernel, after the discovery of a critical vulnerability in the core code.
System administrators will have to oversee kernel upgrades to remove the flaw, provisionally called CAN-2003-0961, which enables attackers to gain root access to vulnerable machines, yielding complete control, according to security analysts.

But worm attacks are unlikely, as the exploit requires a local user account.

Because the flaw is in the Linux kernel, the problem affects virtually every distribution of the operating system and several vendors have already confirmed that their products are vulnerable.

The vulnerability is in all releases of the kernel from version 2.4.0 to 2.5.69, but has been fixed in 2.4.23 and the 2.6.0 beta.

The Debian Project development team identified the flaw after their servers were compromised last month.

http://www.vnunet.com/News/1151307

Discussion is locked