CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-25078
https://notcve.org/view.php?id=CVE-2018-25078
man-db before 2.8.5 on Gentoo allows local users (with access to the man user account) to gain root privileges because /usr/bin/mandb is executed by root but not owned by root. (Also, the owner can strip the setuid and setgid bits.) • https://bugs.gentoo.org/662438 https://security.gentoo.org/glsa/202310-08 •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 3CVE-2015-1336 – Man-db 2.6.7.1 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-1336
The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use. Las tareas de limpieza diarias mandb en Man-db en versiones anteriores a la 2.7.6.1-1 tal y como se distribuye en Ubuntu y Debian permiten que usuarios locales con acceso a la cuenta "man" ganen privilegios mediante vectores que implican el uso inseguro de la función chown. Man-db version 2.6.7.1 suffers from a privilege escalation vulnerability. • https://www.exploit-db.com/exploits/41158 http://packetstormsecurity.com/files/140759/Man-db-2.6.7.1-Privilege-Escalation.html http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1336.html http://www.halfdog.net/Security/2015/MandbSymlinkLocalRootPrivilegeEscalation http://www.openwall.com/lists/oss-security/2015/12/14/11 http://www.securityfocus.com/bid/79723 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840357 https://bugs.launchpad.net/ubuntu/+source/man-db/+ • CWE-284: Improper Access Control •