Much beloved, in part for its superior level of security over other operating systems [cough, Windows], Linux is not invulnerable. Writing for our sister site, LinuxPlanet, Sean Michael Kerner reports that the Linux kernel has actually been at risk from a flaw since 2003. The vulnerability has been patched in the mainline Linux kernel, but have all the Linux distros implemented the patch?

From the LinuxPlanet story:

The Linux kernel has potentially been at risk from a flaw that has been present in Linux since 2003, according to a new finding from security researcher Invisible Things Lab. And while the flaw has now been patched in the mainline Linux kernel, it's not clear yet if all Linux distros have implemented the patch -- potentially leaving them open to exploitation by attackers.

Security researcher Rafal Wojtczuk from Invisible Things Lab detailed the kernel flaw in a report (PDF format) released officially this week, although Linux developers and distros have been aware of the issue since at least June.

"A malicious authenticated client can force Xorg server to exhaust (or fragment) its address space," Wojtczuk wrote. "If running on Linux, this may result in the process stack top being in an unexpected region and execution of arbitrary code with server privileges (root)."

Invisible Things Labs CEO Joanna Rutkowska added in a blog post that the unpatched flaw could have enabled any GUI application that could be compromised -- a PDF viewer, for example -- to bypass Linux security and potentially take over the system. Rutkowska is well known in the security community for her Black Hat research into Windows Vista and Intel security issues.

Find the full story here.