A vulnerability in MAN DB allows local users to gain root privileges.
|Package||sys-apps/man-db on all architectures|
|Affected versions||< 126.96.36.199-r2|
|Unaffected versions||>= 188.8.131.52-r2|
MAN DB is a man replacement that utilizes BerkelyDB instead of flat files.
The /var/cache/man directory as part of the MAN DB package has group permissions set to root.
A local user who does not belong to the root group, but has the ability to modify the /var/cache/man directory can escalate privileges to the group root.
There is no known workaround at this time.
All MAN DB users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=sys-apps/man-db-184.108.40.206-r2"
July 09, 2017
July 09, 2017: 1