Privilege Escalation in man-db on Gentoo

Privilege Escalation in man-db on Gentoo

CVE-2018-25078 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

man-db before 2.8.5 on Gentoo allows local users (with access to the man user account) to gain root privileges because /usr/bin/mandb is executed by root but not owned by root. (Also, the owner can strip the setuid and setgid bits.)

Learn more about our Cis Benchmark Audit For Debian Family Linux.