Michael S. Mimoso submitted, "A dangerous vulnerability in the Linux kernel is at the heart of a recent attack on the Debian Project's development servers. The flaw, an integer overflow in the brk system call, enabled an attacker to compromise four Debian servers, sniff several passwords and install a root kit used to hit other servers. Debian said that the servers housing its code base were not attacked. The hole was discovered in September by 2.6 kernel maintainer Andrew Morton, but was not fixed in time for the release of the 2.4.22 kernel. Version 2.4.23, which was released late Friday night, as well as the 2.6.0 test kernel have been patched, according to an advisory from service provider TruSecure Corp."

The link for this article located at Michael S. Mimoso is no longer available.