Joined: 12 May 2004
|Posted: Wed Jul 12, 2017 2:26 pm Post subject: [ glsa 201707-12 ] man db
|Gentoo Linux Security Advisory
Title: MAN DB: Privilege escalation (GLSA 201707-12)
A vulnerability in MAN DB allows local users to gain root
MAN DB is a man replacement that utilizes BerkelyDB instead of flat
Vulnerable: < 220.127.116.11-r2
Unaffected: >= 18.104.22.168-r2
Architectures: All supported architectures
The /var/cache/man directory as part of the MAN DB package has group
permissions set to root.
A local user who does not belong to the root group, but has the ability
to modify the /var/cache/man directory can escalate privileges to the
There is no known workaround at this time.
All MAN DB users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-apps/man-db-22.214.171.124-r2:0"
Last edited by GLSA on Fri Sep 29, 2017 4:16 am; edited 2 times in total