PT-2006-5448 · Linux · Linux Kernel

Published

2006-09-09

·

Updated

2025-01-17

·

CVE-2006-4663

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions 2.6.16 through 2.6.17.11

Description

The issue concerns weak permissions in the source code tar archive of the Linux kernel, potentially allowing local users to insert malicious code that could be used during the next kernel compilation. However, it's noted that another researcher disputes this, finding no world-writable files or directories. The weak permissions might only be present under certain unusual or insecure scenarios.

Recommendations

For Linux kernel versions 2.6.16 through 2.6.17.11, consider changing the permissions of the affected files and directories to prevent local users from inserting Trojan horse source code. As a temporary workaround, restrict access to the kernel compilation process to minimize the risk of exploitation.
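
A check for the condition the description and recommendations refer to, as an added example that is not part of the original advisory: the script lists world-writable entries in an unpacked source tree and removes the world-write bit. The function names and the sample tree are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the advisory): audit an unpacked kernel source tree
# for world-writable entries and strip the "other" write bit.

# List files and directories under $1 that any local user may write to.
# Symlinks are skipped because their own mode bits do not control access.
list_world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# List entries not owned by the invoking user; when tar runs as root,
# archived owner IDs can map to an unrelated local account.
list_foreign_owned() {
    find "$1" ! -user "$(id -u)" -print
}

# Count world-writable entries (assumes no newlines in path names).
count_world_writable() {
    list_world_writable "$1" | wc -l | tr -d ' '
}

# Remove the world-write bit wherever it is set; other mode bits are kept.
harden_tree() {
    find "$1" ! -type l -perm -0002 -exec chmod o-w {} +
}

# Constructed sample tree standing in for an unpacked source directory.
make_sample_tree() {
    mkdir -p "$1/kernel" "$1/scripts"
    printf 'obj-y += sched.o\n' > "$1/kernel/Makefile"
    printf '#!/bin/sh\n' > "$1/scripts/mkversion"
    chmod 0755 "$1/kernel"; chmod 0644 "$1/kernel/Makefile"
    chmod 0777 "$1/scripts"; chmod 0666 "$1/scripts/mkversion"
}

demo() {
    tree=$(mktemp -d) || return 1
    make_sample_tree "$tree"
    echo "world-writable before: $(count_world_writable "$tree")"
    list_world_writable "$tree"
    harden_tree "$tree"
    echo "world-writable after:  $(count_world_writable "$tree")"
    rm -rf "$tree"
}
demo
```

Run the audit functions against the real source directory before building, and treat any output from `list_world_writable` or `list_foreign_owned` as a reason to re-extract or fix the tree first.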

Fix

Related Identifiers

CVE-2006-4663

Affected Products

Linux Kernel