3 matches found
Debian DSA-059-1 : man-db - symlink attack
Luki R. reported a bug in man-db: it did not handle nested calls ofdropeffectiveprivs and regaineffectiveprivs correctly which would cause it to regain privileges too early. This could be abused to make man create files as user man. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...
CVE-2001-1331
CVE-2001-1331 affects the man-db package’s mandb tool. The vulnerability exists in mandb before version 2.3.16-3, where invoking mandb with -u or -c does not drop privileges and does not drop file-system symlinks, enabling local users to overwrite arbitrary files. Impact is local, potentially ena...
CVE-2001-1331
mandb in the man-db package before 2.3.16-3 allows local users to overwrite arbitrary files via the command line options 1 -u or 2 -c, which do not drop privileges and follow symlinks...