1. Home
  2. CVE Database
  3. CVE-2006-4663
HIGH · 7.8

CVE-2006-4663

The source code tar archive of the Linux kernel 2.6.16, 2.6.17.11, and possibly other versions specifies weak permissions (0666 and 0777) for certain files and directories, which might allow local use...

Vulnerability Description

The source code tar archive of the Linux kernel 2.6.16, 2.6.17.11, and possibly other versions specifies weak permissions (0666 and 0777) for certain files and directories, which might allow local users to insert Trojan horse source code that would be used during the next kernel compilation. NOTE: another researcher disputes the vulnerability, stating that he finds "Not a single world-writable file or directory." CVE analysis as of 20060908 indicates that permissions will only be weak under certain unusual or insecure scenarios

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
LinuxLinux Kernel2.6.16

References

FAQ

What is CVE-2006-4663?

CVE-2006-4663 is a vulnerability with a CVSS score of 7.8 (HIGH). The source code tar archive of the Linux kernel 2.6.16, 2.6.17.11, and possibly other versions specifies weak permissions (0666 and 0777) for certain files and directories, which might allow local use...

How severe is CVE-2006-4663?

CVE-2006-4663 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2006-4663?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.