One of the developers of the original Linux core posted a vulnerability notice Monday with details of a flaw that could allow a local user to assume control of a Linux computer.
Alan Cox, who worked with Linus Torvalds on the software that spawned the Linux operating system, sent an e-mail message to a mailing list for Linux kernel developers detailing a flaw in a debugging component known as ptrace. The flaw affects the Linux 2.2 and Linux 2.4 kernels, and a patch is available at http://www.spinics.net/lists/kernel/msg162986.html.
Remote users could not use the flaw to obtain root privileges, or control of individual machines, Cox said in the e-mail. Only users who are already authorized to use a machine on a local network could exploit the flaw. Version 2.5 of Linux was not affected, he said.
Cox's employer, Red Hat Inc., also posted a patch for Red Hat 7.1, 7.2, 7.3, and 8.0 at https://rhn.redhat.com/errata/RHSA-2003-098.html?tag=nl.