CVE-2006-4250

Name	CVE-2006-4250
Description	Buffer overflow in man and mandb (man-db) 2.4.3 and earlier allows local users to execute arbitrary code via crafted arguments to the -H flag.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
References	DSA-1278-1
NVD severity	medium (attack range: local)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
man-db (PTS)	wheezy	2.6.2-1	fixed
	jessie	2.7.0.2-5	fixed
	buster, sid, stretch	2.7.6.1-2	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
man-db	source	(unstable)	2.4.3-5	medium
man-db	source	sarge	2.4.2-21sarge1	medium	DSA-1278-1