CVE-2018-25078

NameCVE-2018-25078
Descriptionman-db before 2.8.5 on Gentoo allows local users (with access to the man user account) to gain root privileges because /usr/bin/mandb is executed by root but not owned by root. (Also, the owner can strip the setuid and setgid bits.)
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
man-db (PTS)bullseye2.9.4-2fixed
bookworm2.11.2-2fixed
forky, sid, trixie2.13.1-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
man-dbsource(unstable)(not affected)

Notes

- man-db <not-affected> (Gentoo-specific packaging issue)
Search for package or bug name: Reporting problems