MAN DB: Privilege escalation — GLSA 201707-12

A vulnerability in MAN DB allows local users to gain root privileges.

Affected Packages

sys-apps/man-db on all architectures
Affected versions < 2.7.6.1-r2
Unaffected versions >= 2.7.6.1-r2

Background

MAN DB is a man replacement that utilizes BerkelyDB instead of flat files.

Description

The /var/cache/man directory as part of the MAN DB package has group permissions set to root.

Impact

A local user who does not belong to the root group, but has the ability to modify the /var/cache/man directory can escalate privileges to the group root.

Workaround

There is no known workaround at this time.

Resolution

All MAN DB users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=sys-apps/man-db-2.7.6.1-r2:0"
 

References

Release Date
July 09, 2017

Latest Revision
August 06, 2017: 2

Severity
high

Exploitable
local

Bugzilla entries