Man Db
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-1336 | Hig | 0.54 | 7.8 | 0.01 | Sep 28, 2017 | The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use. | ||
| CVE-2003-0645 | 0.03 | — | 0.01 | Aug 27, 2003 | man-db 2.3.12 and 2.3.18 to 2.4.1 uses certain user-controlled DEFINE directives from the ~/.manpath file, even when running setuid, which could allow local users to gain privileges. | |||
| CVE-2003-0620 | 0.03 | — | 0.01 | Aug 27, 2003 | Multiple buffer overflows in man-db 2.4.1 and earlier, when installed setuid, allow local users to gain privileges via (1) MANDATORY_MANPATH, MANPATH_MAP, and MANDB_MAP arguments to add_to_dirlist in manp.c, (2) a long pathname to ult_src in ult_src.c, (3) a long .so argument to… | |||
| CVE-1999-0730 | 0.03 | — | 0.04 | Jun 12, 1999 | The zsoelim program in the Debian man-db package allows local users to overwrite files via a symlink attack. | |||
| CVE-2018-25078 | 0.00 | — | 0.00 | Jan 25, 2023 | man-db before 2.8.5 on Gentoo allows local users (with access to the man user account) to gain root privileges because /usr/bin/mandb is executed by root but not owned by root. (Also, the owner can strip the setuid and setgid bits.) |
- risk 0.54cvss 7.8epss 0.01
The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use.
- CVE-2003-0645Aug 27, 2003risk 0.03cvss —epss 0.01
man-db 2.3.12 and 2.3.18 to 2.4.1 uses certain user-controlled DEFINE directives from the ~/.manpath file, even when running setuid, which could allow local users to gain privileges.
- CVE-2003-0620Aug 27, 2003risk 0.03cvss —epss 0.01
Multiple buffer overflows in man-db 2.4.1 and earlier, when installed setuid, allow local users to gain privileges via (1) MANDATORY_MANPATH, MANPATH_MAP, and MANDB_MAP arguments to add_to_dirlist in manp.c, (2) a long pathname to ult_src in ult_src.c, (3) a long .so argument to…
- CVE-1999-0730Jun 12, 1999risk 0.03cvss —epss 0.04
The zsoelim program in the Debian man-db package allows local users to overwrite files via a symlink attack.
- CVE-2018-25078Jan 25, 2023risk 0.00cvss —epss 0.00
man-db before 2.8.5 on Gentoo allows local users (with access to the man user account) to gain root privileges because /usr/bin/mandb is executed by root but not owned by root. (Also, the owner can strip the setuid and setgid bits.)