Linux users have been advised to upgrade to the latest stable kernel, after the discovery of a critical vulnerability in the core code.

System administrators will have to oversee kernel upgrades to remove the flaw, provisionally called CAN-2003-0961, which enables attackers to gain root access to vulnerable machines, yielding complete control, according to security analysts.

But worm attacks are unlikely, as the exploit requires a local user account.

Because the flaw is in the Linux kernel, the problem affects virtually every distribution of the operating system and several vendors have already confirmed that their products are vulnerable.

The vulnerability is in all releases of the kernel from version 2.4.0 to 2.5.69, but has been fixed in 2.4.23 and the 2.6.0 beta.

The Debian Project development team identified the flaw after their servers were compromised last month.

In its advisory note Debian said that the exploit used an integer overflow in the brk system call and that it was possible for an attacker to trick the kernel into giving access to the full kernel address space.

The weakness would allow any local user to escalate their privileges to root, and perform any task they chose on the system, the advisory note said.

Red Hat and the Debian Project have both released notices warning customers of the issue and providing information about fixes.

A raft of Linux-based products from other vendors, including MandrakeSoft, SuSE Linux and SCO, are also vulnerable unless patched.

Experts at security specialist Symantec explained that the flaw was the result of a simple programming error, and that remote attacks from outside the firewall were not possible.

"However this flaw allows kernel-level permission to run exploit code, so it is very powerful," said Kevin Hogan, manager of Symantec's Security Response team.

According to Symantec's analysis, the exploit that the attacker used to compromise the Debian servers is not publicly available, but is apparently circulating in the hacker underground.

Alain Dang Van Mien, of analyst firm Gartner, said the vulnerability showed that good patch management procedures are essential for all operating systems.

"There is always a lot of coverage around flaws in the Microsoft environment, and we forget that Linux can be affected by the same kinds of vulnerabilities," he commented.

In its October Global Internet Security Threat report, Symantec said: "Linux systems may well be the target of future attacks. Malicious-code writers are developing a greater sophistication in programming and more familiarity with the Linux operating system and its applications."

In 1998 Symantec observed the first example of a successful Linux worm, the Linux.ADM.Worm, which exploited a widely known vulnerability and compromised many systems.

However, after this outbreak, there were few successful malicious-code attacks on Linux. This period of inactivity ended with the emergence of the CAN-2002-0656 worm, also known as Linux Slapper, in September 2002.

Get the latest news, views and technology updates in a weekly round up of the Penguin's unstoppable march by signing up to vnunet.com's FREE Linux newsletter here.