CVE-2015-1336
published 2017-09-28CVE-2015-1336: The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges…
PriorityP343high7.8CVSS 3.0
AVLACLPRLUINSUCHIHAH
EXPLOIT
EPSS
1.05%
59.9th percentile
The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | man-db | < man-db 2.7.6-1 (bookworm) | man-db 2.7.6-1 (bookworm) |
| man-db_project | man-db | <= 2.7.6.1 | — |
| man-db_project | man-db | >= 0 < 2.7.6-1 | 2.7.6-1 |
| man-db_project | man-db | >= 0 < 2.7.6-1 | 2.7.6-1 |
| man-db_project | man-db | >= 0 < 2.7.6-1 | 2.7.6-1 |
| man-db_project | man-db | >= 0 < 2.7.6-1 | 2.7.6-1 |
CVSS provenance
nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
osv7.8HIGH
vendor_debian7.8HIGH
vendor_redhat7.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
man-db vulnerability
vendor_ubuntu·2022-03-17
CVE-2015-1336 man-db vulnerability
Title: man-db vulnerability
Summary: man-db could be made to overwrite file and directory permissions.
It was discovered that man-db incorrectly handled permission changing
operations in its daily cron job, and was therefore affected by a race
condition. An attacker could possibly use this issue to escalate privileges
and execute arbitrary code.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
man-db: TOCTOU bug when processing catman pages
vendor_redhat·2015-12-13·CVSS 7.8
CVE-2015-1336 [HIGH] CWE-367 man-db: TOCTOU bug when processing catman pages
man-db: TOCTOU bug when processing catman pages
The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use.
Package: man-db (Red Hat Enterprise Linux 7) - Not affected
Red Hat
webkitgtk: arbitrary code execution and denial of service via a crafted web site (WSA-2015-0001)
vendor_redhat·2015-01-26·CVSS 6.8
CVE-2014-1336 [MEDIUM] webkitgtk: arbitrary code execution and denial of service via a crafted web site (WSA-2015-0001)
webkitgtk: arbitrary code execution and denial of service via a crafted web site (WSA-2015-0001)
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.
Statement: Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Package: webkitgtk (Red Hat Enterprise Linux 6) - Will not fix
Package: webkitgtk3 (Red Hat Enterprise Linux
Debian
CVE-2015-1336: man-db - The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and...
vendor_debian·2015·CVSS 7.8
CVE-2015-1336 [HIGH] CVE-2015-1336: man-db - The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and...
The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use.
Scope: local
bookworm: resolved (fixed in 2.7.6-1)
bullseye: resolved (fixed in 2.7.6-1)
forky: resolved (fixed in 2.7.6-1)
sid: resolved (fixed in 2.7.6-1)
trixie: resolved (fixed in 2.7.6-1)
GHSA
GHSA-v8g2-q7cg-qvg6: The daily mandb cleanup job in Man-db before 2
ghsa_unreviewed·2022-05-17
CVE-2015-1336 [HIGH] CWE-284 GHSA-v8g2-q7cg-qvg6: The daily mandb cleanup job in Man-db before 2
The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use.
OSV
CVE-2015-1336: The daily mandb cleanup job in Man-db before 2
osv·2017-09-28·CVSS 7.8
CVE-2015-1336 [HIGH] CVE-2015-1336: The daily mandb cleanup job in Man-db before 2
The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use.
No detection rules found.
Exploit-DB
Cisco EPC 3928 - Multiple Vulnerabilities
exploitdb·2016-06-07·CVSS 7.5
CVE-2016-1337 [HIGH] Cisco EPC 3928 - Multiple Vulnerabilities
Cisco EPC 3928 - Multiple Vulnerabilities
---
# Title: Cisco EPC 3928 Multiple Vulnerabilities
# Vendor: http://www.cisco.com/
# Vulnerable Version(s): Cisco Model EPC3928 DOCSIS 3.0 8x4 Wireless Residential Gateway
# CVE References: CVE-2015-6401 / CVE-2015-6402 / CVE-2016-1328 / CVE-2016-1336 / CVE-2016-1337
# Author: Patryk Bogdan from Secorda security team (http://secorda.com/)
Summary:
In recent security research, Secorda security team has found multiple vulnerabilities affecting Cisco EPC3928 Wireless Residential Gateway. Variants of this product can also be affected.
Using combination of several vulnerabilities, attacker is able to remotely download and decode boot configuration file, which you can see on PoC video below. The attacker is also able to reconfigure device in order
Exploit-DB
Man-db 2.6.7.1 - Local Privilege Escalation
exploitdb·2015-12-02
CVE-2015-1336 Man-db 2.6.7.1 - Local Privilege Escalation
Man-db 2.6.7.1 - Local Privilege Escalation
---
/*
EDB Note:
man:man -> man:root ~ http://www.halfdog.net/Security/2015/SetgidDirectoryPrivilegeEscalation/
man:root -> root:root ~ http://www.halfdog.net/Security/2015/MandbSymlinkLocalRootPrivilegeEscalation/
CreateSetgidBinary.c ~ http://www.halfdog.net/Security/2015/SetgidDirectoryPrivilegeEscalation/CreateSetgidBinary.c
DirModifyInotify-20110530.c ~ http://www.halfdog.net/Security/2010/FilesystemRecursionAndSymlinks/DirModifyInotify-20110530.c
*/
## man:man -> man:root
Setgid Binary Creater: The program CreateSetgidBinary.c allows to create the suitable setgid binary circumventing the kernel protection. Currently creating an empty setgid executable in /var/cache/man would work but writing as user man will remove the setgid flag sil
Bugzilla
CVE-2015-1336 man-db: TOCTOU bug when processing catman pages [fedora-all]
bugzilla·2015-12-17·CVSS 7.8
CVE-2015-1336 [HIGH] CVE-2015-1336 man-db: TOCTOU bug when processing catman pages [fedora-all]
CVE-2015-1336 man-db: TOCTOU bug when processing catman pages [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fed
Bugzilla
CVE-2015-1336 man-db: TOCTOU bug when processing catman pages
bugzilla·2015-12-17·CVSS 7.8
CVE-2015-1336 [HIGH] CVE-2015-1336 man-db: TOCTOU bug when processing catman pages
CVE-2015-1336 man-db: TOCTOU bug when processing catman pages
The following flaw was found in man-db:
The daily mandb cleanup job for old catman pages changes the permissions of all non-man files to user man.
Originally filed against Ubuntu:
https://bugs.launchpad.net/ubuntu/+source/man-db/+bug/1482786
External References:
http://www.halfdog.net/Security/2015/MandbSymlinkLocalRootPrivilegeEscalation/
Discussion:
Created man-db tracking bugs for this issue:
Affects: fedora-all [bug 1292433]
---
Hello,
It appears to me that Fedora and RHEL7 man-db packages are not affected by this, since there is no cleanup job for old catman pages there:
http://pkgs.fedoraproject.org/cgit/man-db.git/tree/man-db.crondaily?h=f23
---
Nikola's comment above is correct: man-db in rhel and fedora ar
Bugzilla
CVE-2014-1336 webkitgtk: arbitrary code execution and denial of service via a crafted web site (WSA-2015-0001)
bugzilla·2015-01-27·CVSS 6.8
CVE-2014-1336 [MEDIUM] CVE-2014-1336 webkitgtk: arbitrary code execution and denial of service via a crafted web site (WSA-2015-0001)
CVE-2014-1336 webkitgtk: arbitrary code execution and denial of service via a crafted web site (WSA-2015-0001)
Following vulnerability was discovered on the 2.4 stable series of WebKitGTK+:
CVE-2014-1336
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.
External References:
http://webkitgtk.org/security/WSA-2015-0001.html
Discussion:
Statement:
Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Se
http://packetstormsecurity.com/files/140759/Man-db-2.6.7.1-Privilege-Escalation.htmlhttp://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1336.htmlhttp://www.halfdog.net/Security/2015/MandbSymlinkLocalRootPrivilegeEscalation/http://www.openwall.com/lists/oss-security/2015/12/14/11http://www.securityfocus.com/bid/79723https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840357https://bugs.launchpad.net/ubuntu/+source/man-db/+bug/1482786https://security.gentoo.org/glsa/201707-12http://packetstormsecurity.com/files/140759/Man-db-2.6.7.1-Privilege-Escalation.htmlhttp://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1336.htmlhttp://www.halfdog.net/Security/2015/MandbSymlinkLocalRootPrivilegeEscalation/http://www.openwall.com/lists/oss-security/2015/12/14/11http://www.securityfocus.com/bid/79723https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840357https://bugs.launchpad.net/ubuntu/+source/man-db/+bug/1482786https://security.gentoo.org/glsa/201707-12
2017-09-28
Published