7.8
CVE-2015-1336
- EPSS 1.05%
- Veröffentlicht 28.09.2017 01:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
- Quelle security@ubuntu.com
- CVE-Watchlists
- Unerledigt
LoginThe daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Man-db Project ≫ Man-db Version <= 2.7.6.1
Canonical ≫ Ubuntu Linux Version12.04 SwEditionesm
Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts
Man-db Project ≫ Man-db Version <= 2.7.6.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.05% | 0.597 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
http://packetstormsecurity.com/files/140759/Man-db-2.6.7.1-Privilege-Escalation.html
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1336.html
http://www.halfdog.net/Security/2015/MandbSymlinkLocalRootPrivilegeEscalation/
http://www.openwall.com/lists/oss-security/2015/12/14/11
http://www.securityfocus.com/bid/79723
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840357
https://bugs.launchpad.net/ubuntu/+source/man-db/+bug/1482786
https://security.gentoo.org/glsa/201707-12