Man-Db Project Man-Db vulnerabilities
5 known vulnerabilities affecting man-db_project/man-db.
Total CVEs: 5
CISA KEV: 0
Public exploits: 4
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 3
Vulnerabilities
CVE-2015-1336 | P3 | HIGH | CVSS 7.8 | CWE-284 | PoC | ≤ 2.7.6.1 | 2017-09-28
The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use.
nvd, osv
CVE-2006-4250 | P4 | MEDIUM | CVSS 4.6 | PoC | ≥ 0, < 2.4.3-5 | 2007-04-10
Buffer overflow in man and mandb (man-db) 2.4.3 and earlier allows local users to execute arbitrary code via crafted arguments to the -H flag.
osv
CVE-2018-25078 | P3 | HIGH | CVSS 7.8 | CWE-250 | fixed in 2.8.5 | 2023-01-26
man-db before 2.8.5 on Gentoo allows local users (with access to the man user account) to gain root privileges because /usr/bin/mandb is executed by root but not owned by root. (Also, the owner can strip the setuid and setgid bits.)
nvd
CVE-2003-0645 | P4 | MEDIUM | CVSS 4.6 | PoC | ≥ 0, < 2.4.1-13 | 2003-08-27
man-db 2.3.12 and 2.3.18 to 2.4.1 uses certain user-controlled DEFINE directives from the ~/.manpath file, even when running setuid, which could allow local users to gain privileges.
osv
CVE-2003-0620 | P4 | MEDIUM | CVSS 4.6 | PoC | ≥ 0, < 2.4.1-13 | 2003-08-27
Multiple buffer overflows in man-db 2.4.1 and earlier, when installed setuid, allow local users to gain privileges via (1) MANDATORY_MANPATH, MANPATH_MAP, and MANDB_MAP arguments to add_to_dirlist in manp.c, (2) a long pathname to ult_src in ult_src.c, (3) a long .so argument to test_for_include in ult_src.c, (4) a long MANPATH environment variable, or (5) a long PATH environment variable.
osv