Linux serves up triple threat

    Date: 20 Feb 2004
    Posted By: Anthony Pell
    Three separate security flaws could be used by an ordinary user to gain total control of a Linux server or workstation, security researchers have warned.

    Two of the vulnerabilities lie in the way that the Linux kernel -- the core of the open-source operating system -- manages memory. They affect all current versions of Linux, according to advisories released on Wednesday by iSEC Security Research, a Polish security company. The third flaw affects the module for the kernel that supports ATI Technologies' Rage 128-bit video card.

    Because Linux is frequently used on shared servers, security holes that allow a user to expand their access rights on a computer are serious, said Alfred Huger, the senior director of engineering for security-software company Symantec. However, they are not as critical as flaws that allow an outsider to compromise the computer, he said.

    "In the grand scheme of things, if an attacker is able to get access to your box, then they could probably get root [control] on your box, anyway," he said. The root user is the standard Linux and Unix name for the person who has complete control of a computer.

    For example, the recently announced flaw in Windows that allows an attacker to remotely execute code on any computer running the Microsoft operating system is a more serious vulnerability. That flaw could allow a worm to spread throughout the vulnerable computers attached to the Internet. The security holes in the Linux kernel are of more use to an attacker looking to compromise a single computer.

    The Linux Kernel Project released a new version of the 2.4 series kernel -- version 2.4.25 -- to fix the vulnerability, the second time this year that it has had to issue an update as a patch. In January, it released the 2.4.24 kernel to fix another flaw iSEC found.
