← back
CVE-2015-1336

CVE-2015-1336

EPSS 1.0%
The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use.
Affected products
n/a · n/a
public PoCs found2
cve_referencepacketstormsecurity.com/files/140759/Man-db-2.6.7.1-Privilege-Escalation.htmlunverifiedexploitdbwww.exploit-db.com/exploits/41158unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/140759/Man-db-2.6.7.1-Privilege-Escalation.htmlhttp://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1336.htmlhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840357https://bugs.launchpad.net/ubuntu/+source/man-db/+bug/1482786https://security.gentoo.org/glsa/201707-12http://www.halfdog.net/Security/2015/MandbSymlinkLocalRootPrivilegeEscalation/http://www.openwall.com/lists/oss-security/2015/12/14/11http://www.securityfocus.com/bid/79723