PT-2023-10819 · Man Db+1 · Man-Db+1

Michael Orlitzky

Publicado

2019-07-01

Atualizado

2023-10-08

CVE-2018-25078

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions man-db versions prior to 2.8.5

Description The issue allows local users with access to the man user account to gain root privileges because /usr/bin/mandb is executed by root but not owned by root. Additionally, the owner can strip the setuid and setgid bits.

Recommendations For versions prior to 2.8.5, update to version 2.8.5 or later to resolve the issue. As a temporary workaround, consider changing the ownership of /usr/bin/mandb to root to prevent exploitation.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-250

Identificadores relacionados

ALT-PU-2019-2192

ALT-PU-2019-3123

CVE-2018-25078

Produtos afetados

Alt Linux

Man-Db

PT-2023-10819 · Man Db+1 · Man-Db+1

CVE-2018-25078

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6