man-db up to 2.7.6.1 ManDB Cleanup /var/cache/man access control


A vulnerability classified as problematic was found in man-db up to 2.7.6.1. Affected is an unknown function of the file /var/cache/man of the component ManDB Cleanup. Upgrading to version 2.7.6.1-1 eliminates this vulnerability. A possible mitigation was published before, and not just after, the disclosure of the vulnerability.

| Field | 09/28/2017 11:00 AM | 11/20/2019 08:41 AM | 01/14/2021 03:24 PM |
|---|---|---|---|
| name | man-db | man-db | man-db |
| version | <=2.7.6.1 | <=2.7.6.1 | <=2.7.6.1 |
| component | ManDB Cleanup | ManDB Cleanup | ManDB Cleanup |
| file | /var/cache/man | /var/cache/man | /var/cache/man |
| cwe | 284 (privilege escalation) | 284 (privilege escalation) | 284 (privilege escalation) |
| risk | 1 | 1 | 1 |
| cvss2_vuldb_basescore | 4.1 | 4.1 | 4.1 |
| cvss2_vuldb_tempscore | 3.6 | 3.6 | 3.6 |
| cvss2_vuldb_av | L | L | L |
| cvss2_vuldb_ac | M | M | M |
| cvss2_vuldb_au | S | S | S |
| cvss2_vuldb_ci | P | P | P |
| cvss2_vuldb_ii | P | P | P |
| cvss2_vuldb_ai | P | P | P |
| cvss2_nvd_av | L | L | L |
| cvss2_nvd_ac | L | L | L |
| cvss2_nvd_au | N | N | N |
| cvss2_nvd_ci | C | C | C |
| cvss2_nvd_ii | C | C | C |
| cvss2_nvd_ai | C | C | C |
| cvss3_meta_basescore | 6.5 | 6.5 | 6.5 |
| cvss3_meta_tempscore | 6.3 | 6.3 | 6.3 |
| cvss3_vuldb_basescore | 5.3 | 5.3 | 5.3 |
| cvss3_vuldb_tempscore | 5.1 | 5.1 | 5.1 |
| cvss3_vuldb_av | L | L | L |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | L | L | L |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | L | L | L |
| cvss3_vuldb_i | L | L | L |
| cvss3_vuldb_a | L | L | L |
| cvss3_nvd_av | L | L | L |
| cvss3_nvd_ac | L | L | L |
| cvss3_nvd_pr | L | L | L |
| cvss3_nvd_ui | N | N | N |
| cvss3_nvd_s | U | U | U |
| cvss3_nvd_c | H | H | H |
| cvss3_nvd_i | H | H | H |
| cvss3_nvd_a | H | H | H |
| date | 1506556800 (09/28/2017) | 1506556800 (09/28/2017) | 1506556800 (09/28/2017) |
| location | oss-sec | oss-sec | oss-sec |
| url | http://www.openwall.com/lists/oss-security/2015/12/14/11 | http://www.openwall.com/lists/oss-security/2015/12/14/11 | http://www.openwall.com/lists/oss-security/2015/12/14/11 |
| confirm_url | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840357 | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840357 | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840357 |
| price_0day | $0-$5k | $0-$5k | $0-$5k |
| name | Upgrade | Upgrade | Upgrade |
| upgrade_version | 2.7.6.1-1 | 2.7.6.1-1 | 2.7.6.1-1 |
| cve | CVE-2015-1336 | CVE-2015-1336 | CVE-2015-1336 |
| cve_assigned | 1421884800 | 1421884800 | 1421884800 |
| cve_nvd_published | 1506470400 | 1506470400 | 1506470400 |
| cve_nvd_summary | The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use. | The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use. | The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use. |
| securityfocus | 79723 | 79723 | 79723 |
| securityfocus_title | Ubuntu Vivid CVE-2015-1336 Local Privilege Escalation Vulnerability | Ubuntu Vivid CVE-2015-1336 Local Privilege Escalation Vulnerability | Ubuntu Vivid CVE-2015-1336 Local Privilege Escalation Vulnerability |
| nessus_id | 101343 | 101343 | 101343 |
| nessus_name | GLSA-201707-12 : MAN DB: Privilege escalation | GLSA-201707-12 : MAN DB: Privilege escalation | GLSA-201707-12 : MAN DB: Privilege escalation |
| nessus_filename | gentoo_GLSA-201707-12.nasl | gentoo_GLSA-201707-12.nasl | gentoo_GLSA-201707-12.nasl |
| nessus_risk | High | High | High |
| nessus_family | Gentoo Local Security Checks | Gentoo Local Security Checks | Gentoo Local Security Checks |
| nessus_type | local | local | local |
| nessus_date | 1499644800 (07/10/2017) | 1499644800 (07/10/2017) | 1499644800 (07/10/2017) |
| cvss2_vuldb_e | ND | ND | ND |
| cvss2_vuldb_rl | OF | OF | OF |
| cvss2_vuldb_rc | ND | ND | ND |
| cvss3_vuldb_e | X | X | X |
| cvss3_vuldb_rl | O | O | O |
| cvss3_vuldb_rc | X | X | X |
| 0day_days | 163 | 163 | 163 |
| cvss3_nvd_basescore | 7.8 | 7.8 | 7.8 |

Fields with a value in two of the three revisions:

| Field | Value | Value |
|---|---|---|
| discoverydate | 1485475200 | 1485475200 |
| person_nickname | halfdog | halfdog |
| date | 1499558400 (07/09/2017) | 1499558400 (07/09/2017) |
| securityfocus_date | 1450310400 (12/17/2015) | 1450310400 (12/17/2015) |
| securityfocus_class | Design Error | Design Error |

Fields with a value in one of the three revisions:

| Field | Value |
|---|---|
| person_name | halfdog |
| cvss2_nvd_basescore | 7.2 |
