A vulnerability in MAN DB allows local users to gain root privileges.
|Package||sys-apps/man-db on all architectures|
|Affected versions||< 220.127.116.11-r2|
|Unaffected versions||>= 18.104.22.168-r2|
MAN DB is a man replacement that utilizes BerkelyDB instead of flat files.
The /var/cache/man directory as part of the MAN DB package has group permissions set to root.
A local user who does not belong to the root group, but has the ability to modify the /var/cache/man directory can escalate privileges to the group root.
There is no known workaround at this time.
All MAN DB users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=sys-apps/man-db-22.214.171.124-r2:0"
July 09, 2017
August 06, 2017: 2