MAN DB: Privilege escalation — GLSA 201707-12

A vulnerability in MAN DB allows local users to gain root privileges.

Affected packages

Package 	sys-apps/man-db on all architectures
Affected versions 	< 2.7.6.1-r2
Unaffected versions 	>= 2.7.6.1-r2

Background

MAN DB is a man replacement that utilizes BerkelyDB instead of flat files.

Description

The /var/cache/man directory as part of the MAN DB package has group permissions set to root.

Impact

A local user who does not belong to the root group, but has the ability to modify the /var/cache/man directory can escalate privileges to the group root.

Workaround

There is no known workaround at this time.

Resolution

All MAN DB users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=sys-apps/man-db-2.7.6.1-r2:0"
 

References

    CVE-2015-1336