CVE-2015-1336 - OpenCVE

The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use.

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Debian	Debian Linux
Canonical	Ubuntu Linux
Man-db Project	Man-db

Configuration 1 [-]

AND

cpe:2.3:a:man-db_project:man-db:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

Configuration 2 [-]

AND

cpe:2.3:a:man-db_project:man-db:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*

References

Link	Resource
http://packetstormsecurity.com/files/140759/Man-db-2.6.7.1-Privilege-Escalation.html	Exploit Third Party Advisory VDB Entry
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1336.html	Third Party Advisory
http://www.halfdog.net/Security/2015/MandbSymlinkLocalRootPrivilegeEscalation/	Exploit Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/12/14/11	Mailing List Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/79723	Third Party Advisory VDB Entry
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840357	Issue Tracking Third Party Advisory
https://bugs.launchpad.net/ubuntu/+source/man-db/+bug/1482786	Issue Tracking Third Party Advisory
https://security.gentoo.org/glsa/201707-12	Issue Tracking Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: canonical

Published: 2017-09-27T15:00:00

Updated: 2017-09-28T09:57:01

Reserved: 2015-01-22T00:00:00

Link: CVE-2015-1336

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-09-28T01:29:00.420

Modified: 2017-10-11T13:47:13.350

Link: CVE-2015-1336

JSON object: View

Redhat Information

No data.

CWE

CWE-284

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-12-02T00:00:00", "descriptions": [{"lang": "en", "value": "The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T09:57:01", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugs.launchpad.net/ubuntu/+source/man-db/+bug/1482786"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/140759/Man-db-2.6.7.1-Privilege-Escalation.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.halfdog.net/Security/2015/MandbSymlinkLocalRootPrivilegeEscalation/"}, {"tags": ["x_refsource_MISC"], "url": "http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1336.html"}, {"name": "79723", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/79723"}, {"name": "GLSA-201707-12", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201707-12"}, {"name": "[oss-security] 20151214 Re: User man Local Root Exploit/Linux Kernel setgid Directory Privilege Escalation/PAM Owner Check Weakness", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/12/14/11"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840357"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@ubuntu.com", "ID": "CVE-2015-1336", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bugs.launchpad.net/ubuntu/+source/man-db/+bug/1482786", "refsource": "MISC", "url": "https://bugs.launchpad.net/ubuntu/+source/man-db/+bug/1482786"}, {"name": "http://packetstormsecurity.com/files/140759/Man-db-2.6.7.1-Privilege-Escalation.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/140759/Man-db-2.6.7.1-Privilege-Escalation.html"}, {"name": "http://www.halfdog.net/Security/2015/MandbSymlinkLocalRootPrivilegeEscalation/", "refsource": "MISC", "url": "http://www.halfdog.net/Security/2015/MandbSymlinkLocalRootPrivilegeEscalation/"}, {"name": "http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1336.html", "refsource": "MISC", "url": "http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1336.html"}, {"name": "79723", "refsource": "BID", "url": "http://www.securityfocus.com/bid/79723"}, {"name": "GLSA-201707-12", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201707-12"}, {"name": "[oss-security] 20151214 Re: User man Local Root Exploit/Linux Kernel setgid Directory Privilege Escalation/PAM Owner Check Weakness", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/12/14/11"}, {"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840357", "refsource": "CONFIRM", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840357"}]}}}}, "cveMetadata": {"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2015-1336", "datePublished": "2017-09-27T15:00:00", "dateReserved": "2015-01-22T00:00:00", "dateUpdated": "2017-09-28T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:man-db_project:man-db:*:*:*:*:*:*:*:*", "matchCriteriaId": "91874048-33AE-42CE-9277-7AF244F09727", "versionEndIncluding": "2.7.6.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": false}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": false}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:man-db_project:man-db:*:*:*:*:*:*:*:*", "matchCriteriaId": "91874048-33AE-42CE-9277-7AF244F09727", "versionEndIncluding": "2.7.6.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": false}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use."}, {"lang": "es", "value": "Las tareas de limpieza diarias mandb en Man-db en versiones anteriores a la 2.7.6.1-1 tal y como se distribuye en Ubuntu y Debian permiten que usuarios locales con acceso a la cuenta \"man\" ganen privilegios mediante vectores que implican el uso inseguro de la funci\u00f3n chown."}], "id": "CVE-2015-1336", "lastModified": "2017-10-11T13:47:13.350", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-09-28T01:29:00.420", "references": [{"source": "security@ubuntu.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/140759/Man-db-2.6.7.1-Privilege-Escalation.html"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1336.html"}, {"source": "security@ubuntu.com", "tags": ["Exploit", "Third Party Advisory"], "url": "http://www.halfdog.net/Security/2015/MandbSymlinkLocalRootPrivilegeEscalation/"}, {"source": "security@ubuntu.com", "tags": ["Mailing List", "Third Party Advisory", "VDB Entry"], "url": "http://www.openwall.com/lists/oss-security/2015/12/14/11"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/79723"}, {"source": "security@ubuntu.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840357"}, {"source": "security@ubuntu.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugs.launchpad.net/ubuntu/+source/man-db/+bug/1482786"}, {"source": "security@ubuntu.com", "tags": ["Issue Tracking", "Third Party Advisory", "VDB Entry"], "url": "https://security.gentoo.org/glsa/201707-12"}], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "nvd@nist.gov", "type": "Primary"}]}