One of the developers of the original Linux core has posted a vulnerability notice with details of a flaw that could allow a local user to assume control of a Linux computer.
Alan Cox, who worked with Linus Torvalds on the software that spawned the Linux operating system, sent an e-mail message to a mailing list for Linux kernel developers detailing a flaw in a debugging component known as ptrace. The flaw affects the Linux 2.2 and Linux 2.4 kernels, and a patch is available at http://www.spinics.net/lists/kernel/msg162986.html
Remote users could not use the flaw to obtain root privileges, or control of individual machines, Cox said in the e-mail. Only users who are already authorised to use a machine on a local network could exploit the flaw. Version 2.5 of Linux was unaffected.
Cox's employer, Red Hat, also posted a patch for Red Hat 7.1, 7.2, 7.3, and 8.0 at https://rhn.redhat.com/errata/RHSA-2003-098.html?tag=nl