Eight-year-old critical bug found in Linux kernel

Developers have issued an update to patch a critical bug that has just been discovered in the Linux kernel. This serious vulnerability puts the kernel--and the entire server by extension--open to being taken over via local privilege escalation. You can check out the full disclosure here. It is shocking how this bug has existed undetected for over eight years, and affects all 2.4 and 2.6 branches of the Linux kernel since May 2001.

According to security researchers Julien Tinnes and Tavis Ormandy who discovered the flaw, it took just a few minutes to craft a proof-of-concept against this bug from an earlier exploit they had. At the moment, the full repercussions of this flaw in the various distributions of Linux are still being examined. I would recommend that administrators patch it up as soon as possible, though. You can get additional details of the interim patch here.

For more on this story:
- check out this article at The Register

Related Articles:
Microsoft submits source code for Linux kernel
Torvalds: Not easy to become major Linux coder