The vulnerability could allow malicious users to bring down Linux machines with just 24 lines of code, which are available from several open source websites and internet news groups.
The lines of C code, dubbed "evil.c", can crash several versions of the Linux kernel, including 2.4.2 and 2.6 variations, locking whole systems, said a bulletin by Øyvind Sæther of linuxreviews.org, one of the websites that has published the code.
The availability of the source code will focus attention on how open source security should be co-ordinated, according to Graham Taylor, principal analyst at Ovum.
"At the moment there is no central point of co-ordination for Linux security, which could lead to anarchic support," he said.
Linux distributor SuSE released a kernel patch on 16 June to fix the problem. The Linux distributor downplayed the significance of the exploit, giving it a "low risk" rating, since it said a hacker would need access to the Linux machine in order to run an attack.
The malicious user would require shell access, or other means of uploading and running the program, for example cgi-bin or FTP access. Such access is readily available to users of hosted Linux services, such as those provided by internet service providers.
Mike Davis, senior research analyst at Butler Group, said users would generally configure their Linux systems in a way that should limit damage.
He said, "Most professional organisations would not allow FTP access outside their organisations, so it is down to the internal threat."
Davis commented that threats like this were helping to put Linux on a par with Microsoft in the enterprise.
"One could take this as an indicator that Linux is getting more popular - it is attacked because it is getting bigger," he said.