N/A

The source code tar archive of the Linux kernel 2.6.16, 2.6.17.11, and possibly other versions specifies weak permissions (0666 and 0777) for certain files and directories, which might allow local users to insert Trojan horse source code that would be used during the next kernel compilation. NOTE: another researcher disputes the vulnerability, stating that he finds "Not a single world-writable file or directory." CVE analysis as of 20060908 indicates that permissions will only be weak under certain unusual or insecure scenarios

N/A

N/A

Linux kernel 安全漏洞

Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel 存在安全漏洞，Linux kernel 2.6.16、2.6.17.11及可能的其他版本的源代码tar归档，对某些文件和目录指定了较弱的许可权(0666和0777)，这可能让本地用户插入将在下次内核编译期间使用的特洛伊木马源代码。注意：另一研究者对此漏洞有争议，声称他发现"并非单个全域可写的文件或目录"。截至2006年9月8日，CVE分析指出仅在某些异常或不安全的情境下许可权才较弱。

N/A

N/A