CVE - CVE-2015-1336

CVE-ID
CVE-2015-1336	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:79723 URL:http://www.securityfocus.com/bid/79723 CONFIRM:https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840357 GENTOO:GLSA-201707-12 URL:https://security.gentoo.org/glsa/201707-12 MISC:http://packetstormsecurity.com/files/140759/Man-db-2.6.7.1-Privilege-Escalation.html MISC:http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1336.html MISC:http://www.halfdog.net/Security/2015/MandbSymlinkLocalRootPrivilegeEscalation/ MISC:https://bugs.launchpad.net/ubuntu/+source/man-db/+bug/1482786 MLIST:[oss-security] 20151214 Re: User man Local Root Exploit/Linux Kernel setgid Directory Privilege Escalation/PAM Owner Check Weakness URL:http://www.openwall.com/lists/oss-security/2015/12/14/11
Assigning CNA
Canonical Ltd.
Date Record Created
20150122	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20150122)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)