PT-2017-6482 · Man Db+1 · Man-Db+1
Halfdog
·
Published
2017-09-27
·
Updated
2022-03-17
·
CVE-2015-1336
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Man-db versions prior to 2.7.6.1-1
Description
The issue concerns the daily mandb cleanup job in Man-db, which allows local users with access to the 'man' account to gain privileges. This is achieved through vectors involving the insecure use of the
chown function.Recommendations
For Man-db versions prior to 2.7.6.1-1, update to version 2.7.6.1-1 or later to resolve the issue.
As a temporary workaround, consider restricting access to the 'man' account to minimize the risk of exploitation.
Exploit
Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Man-Db
Ubuntu