Launchpad CVE tracker

CVE 2015-1336

The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use.

Related bugs and status

CVE-2015-1336 (Candidate) is related to these bugs:

Bug #1482786: man-db daily cron job TOCTOU bug when processing catman pages

		In	Importance	Status
1482786	man-db daily cron job TOCTOU bug when processing catman pages	man-db (Ubuntu)	High	Fix Released
1482786	man-db daily cron job TOCTOU bug when processing catman pages	apport (Ubuntu)	Undecided	Fix Released
1482786	man-db daily cron job TOCTOU bug when processing catman pages	shadow (Ubuntu)	Undecided	Confirmed
1482786	man-db daily cron job TOCTOU bug when processing catman pages	pam (Ubuntu)	Undecided	Confirmed

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2015121...
MISC: http://packetstormsecu...
MISC: http://people.canonica...
MISC: http://www.halfdog.net...
MISC: https://bugs.launchpad...
CONFIRM: https://bugs.debian.or...
GENTOO: GLSA-201707-12
BID: 79723

Launchpad.net

CVE 2015-1336

Related bugs and status

Related bugs

References