Linux OS faces growing tide of attacks
- By William Jackson
- Feb 20, 2004
A pair of security flaws reported in some Linux kernels could let local users execute arbitrary code on systems running the affected versions of the operating system.
A vulnerability in the ncp_lookup of the Linux 2.6 kernel could let a local user get elevated privileges on the system. A flaw in the memory remapping system call in versions of the 2.2, 2.4 and 2.6 kernels could give a user root access.
The vulnerabilities, reported by Security Tracker, have come about the same time as a study that found Linux to be the most hacked server operating system in government.
The study, by British security consulting firm mi2g Ltd., said attacks on Linux outpaced those on Microsoft Windows for the first time in January. The study focused only on direct digital attacks carried out by hackers, rather than on exploits by worms and viruses, which have primarily targeted Windows systems.
Linux accounted for 57 percent of successful attacks on government systems studied, followed by Windows at 35 percent. This is in sharp contrast to August, when Windows accounted for 51 percent of successful attacks and Linux just 14 percent. For the first time, the study found no successful attacks against government servers running the Berkley Software Distribution family of open-source systems, or the Mac OS X, based on the Darwin open-source kernel.
'The swift adoption of Linux last year within the online government community, coupled with inadequate training and knowledge on how to keep that environment secure, has contributed' to the shift, said D.K. Matai, mi2g executive chairman.
Fixes have been released for both new Linux vulnerabilities. Information on the vulnerabilities and on the fixed versions is available online at www.securitytracker.com
William Jackson is a Maryland-based freelance writer.