|[Home] [Credit Search] [Category Browser] [Staff Roll Call]||The LINUX.COM Article Archive|
|Originally Published: Wednesday, 9 August 2000||Author: Alexander Reelsen|
|Published to: news_enhance_security/Security News||Page: 1/1 - [Printable]|
Dangerous LIDS security flaw
A vulnerability exists in LIDS, the Linux Intrusion Detection System, version 0.9.7 for the 2.2.16 kernel. If LIDS is disabled using the 'security=0' option at boot time, all users logging in to the system will effectively be able to behave as root. All filesystem checks are disabled, and it is likely other privileged actions can also be performed.