Originally Published: Wednesday, 9 August 2000 Author: Alexander Reelsen
Published to: news_enhance_security/Security News Page: 1/1 - [Printable]

Dangerous LIDS security flaw

A vulnerability exists in LIDS, the Linux Intrusion Detection System, version 0.9.7 for the 2.2.16 kernel. If LIDS is disabled using the 'security=0' option at boot time, all users logging in to the system will effectively be able to behave as root. All filesystem checks are disabled, and it is likely other privileged actions can also be performed.