Linux vulnerability discovered that allows root access

One of the developers of the original Linux core posted a vulnerability notice Monday with details of a flaw that could allow a local user to assume control of a Linux computer.

Alan Cox, who worked with Linus Torvalds on the software that spawned the Linux operating system, sent an e-mail message to a mailing list for Linux kernel developers detailing a flaw in a debugging component known as ptrace. The flaw affects the Linux 2.2 and Linux 2.4 kernels, and a patch is available.

Remote users could not use the flaw to obtain root privileges or control of individual machines, Cox said in the e-mail. Only users who are already authorized to use a machine on a local network could exploit the flaw. Version 2.5 of Linux was not affected, he said.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

One of the developers of the original Linux core posted a vulnerability notice Monday with details of a flaw that could allow a local user to assume control of a Linux computer.

Alan Cox, who worked with Linus Torvalds on the software that spawned the Linux operating system, sent an e-mail message to a mailing list for Linux kernel developers detailing a flaw in a debugging component known as ptrace. The flaw affects the Linux 2.2 and Linux 2.4 kernels, and a patch is available.

Remote users could not use the flaw to obtain root privileges or control of individual machines, Cox said in the e-mail. Only users who are already authorized to use a machine on a local network could exploit the flaw. Version 2.5 of Linux was not affected, he said.

Cox's employer, Red Hat, also posted a patch for Red Hat 7.1, 7.2, 7.3, and 8.0.

The IDG News Service is a Network World affiliate.