[Full-disclosure] Linux kernel source archive vulnerable
Hadmut Danisch
hadmut at danisch.de
Fri Sep 8 17:55:30 BST 2006
On Thu, Sep 07, 2006 at 05:04:39PM -0400, Troy Cregger wrote:
>
> kernel-2.6.17-gentoo-r7 seems OK.
>
> $ find /usr/src/linux-2.6.17-gentoo-r7/ -perm -666 ! -type l | wc -l
> 0
> $
The debian kernel is OK as well.
It's just the upstream kernel which has this flaw.
But this shows that gentoo and debian don't follow the alleged need
for these permissions either.
Ironically, if Microsoft distributed such files everyone would shout
"hidden backdoor!"
regards
Hadmut
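
An added example, not part of the original post or thread: the quoted find check runs on an already-extracted tree, while this Python sketch reads the permission bits stored in a source archive before anything is unpacked. It flags every world-writable entry (a broader test than -perm -666, and it also reports whether that stricter test matches); the archive built here is constructed sample data with hypothetical file names.

```python
import io
import stat
import tarfile


def build_sample_archive():
    """Constructed sample: a small in-memory tar with mixed permission bits."""
    entries = [
        ("linux-x/Makefile", 0o666, tarfile.REGTYPE),  # rw for everyone
        ("linux-x/README", 0o644, tarfile.REGTYPE),    # normal
        ("linux-x/scripts", 0o777, tarfile.DIRTYPE),   # world-writable directory
        ("linux-x/notes", 0o602, tarfile.REGTYPE),     # o+w, but not -perm -666
        ("linux-x/link", 0o777, tarfile.SYMTYPE),      # symlink, mode is meaningless
    ]
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, mode, kind in entries:
            info = tarfile.TarInfo(name)
            info.mode = mode
            info.type = kind
            if kind == tarfile.SYMTYPE:
                info.linkname = "README"
            body = io.BytesIO(b"") if kind == tarfile.REGTYPE else None
            tar.addfile(info, body)
    return buf.getvalue()


def audit_archive(data):
    """Return (name, octal mode, matches -perm -666) for world-writable members.

    Symlinks are skipped, mirroring the '! -type l' in the quoted find command.
    """
    findings = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        for member in tar:
            if member.issym():
                continue
            perms = stat.S_IMODE(member.mode)
            if perms & stat.S_IWOTH:
                findings.append((member.name, oct(perms), perms & 0o666 == 0o666))
    return findings


if __name__ == "__main__":
    for name, mode, strict in audit_archive(build_sample_archive()):
        print(f"{mode:>6}  {'-perm -666' if strict else 'o+w only':<10}  {name}")
```
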