VYPR

Man Db

by Man Db Project

CVEs (5)

  • CVE-2015-1336HigSep 28, 2017
    risk 0.54cvss 7.8epss 0.01

    The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use.

  • CVE-2003-0645Aug 27, 2003
    risk 0.03cvss epss 0.01

    man-db 2.3.12 and 2.3.18 to 2.4.1 uses certain user-controlled DEFINE directives from the ~/.manpath file, even when running setuid, which could allow local users to gain privileges.

  • CVE-2003-0620Aug 27, 2003
    risk 0.03cvss epss 0.01

    Multiple buffer overflows in man-db 2.4.1 and earlier, when installed setuid, allow local users to gain privileges via (1) MANDATORY_MANPATH, MANPATH_MAP, and MANDB_MAP arguments to add_to_dirlist in manp.c, (2) a long pathname to ult_src in ult_src.c, (3) a long .so argument to…

  • CVE-1999-0730Jun 12, 1999
    risk 0.03cvss epss 0.04

    The zsoelim program in the Debian man-db package allows local users to overwrite files via a symlink attack.

  • CVE-2018-25078Jan 25, 2023
    risk 0.00cvss epss 0.00

    man-db before 2.8.5 on Gentoo allows local users (with access to the man user account) to gain root privileges because /usr/bin/mandb is executed by root but not owned by root. (Also, the owner can strip the setuid and setgid bits.)