[Tenchiro]

Serious Linux Security Flaw Found
Tue Dec 2, 9:00 AM ET


Robert McMillan, IDG News Service

A serious vulnerability in the Linux 2.4 kernel has been discovered. The flaw allows users on a Linux machine to gain unlimited access privileges, according to a security advisory posted by developers of the noncommercial Debian Linux distribution.

The bug affects versions of the Linux kernel prior to 2.4.23, and was the method used during a recent attack on Debian's servers, according to the advisory. In that attack four Linux servers that hosted Debian's bug tracking system, mailing lists, and various Web pages were compromised.

MORE...

 

[johnbryanpeters]

December 01, eWEEK

Researchers find serious vulnerability in Linux kernel.

Security professionals took note of a critical new vulnerability in the Linux kernel that could enable an attacker to gain root access to a vulnerable machine and take complete control of it. An unknown hacker recently used this weakness to compromise several of the Debian Project's servers, which led to the discovery of the new vulnerability. This discovery has broad implications for the Linux community. Because the flaw is in the Linux kernel itself, the problem affects virtually every distribution of the operating system and several vendors have confirmed that their products are vulnerable. The vulnerability is in all releases of the kernel from Version 2.4.0 through 2.5.69, but has been fixed in Releases 2.4.23−pre7 and 2.6.0−test6. RedHat Inc. and the Debian Project have both released advisories warning customers of the issue and providing information on fixes. Products from other vendors, including, MandrakeSoft S.A., SuSE Linux AG and Caldera International Inc., are also vulnerable.

Source: http://www.eweek.com/article2/0,4149,1400446,00.asp