Vulnerability Details CVE-2018-25078
man-db before 2.8.5 on Gentoo allows local users (with access to the man user account) to gain root privileges because /usr/bin/mandb is executed by root but not owned by root. (Also, the owner can strip the setuid and setgid bits.)
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 15.2%
CVSS Severity
CVSS v3 Score 7.8
References
Products affected by CVE-2018-25078
-
cpe:2.3:a:man-db_project:man-db:2.3.18
-
cpe:2.3:a:man-db_project:man-db:2.3.19
-
cpe:2.3:a:man-db_project:man-db:2.3.20
-
cpe:2.3:a:man-db_project:man-db:2.3.90
-
cpe:2.3:a:man-db_project:man-db:2.4.0
-
cpe:2.3:a:man-db_project:man-db:2.4.1
-
cpe:2.3:a:man-db_project:man-db:2.4.2
-
cpe:2.3:a:man-db_project:man-db:2.4.3
-
cpe:2.3:a:man-db_project:man-db:2.4.4
-
cpe:2.3:a:man-db_project:man-db:2.4.5
-
cpe:2.3:a:man-db_project:man-db:2.5.0
-
cpe:2.3:a:man-db_project:man-db:2.5.1
-
cpe:2.3:a:man-db_project:man-db:2.5.2
-
cpe:2.3:a:man-db_project:man-db:2.5.3
-
cpe:2.3:a:man-db_project:man-db:2.5.4
-
cpe:2.3:a:man-db_project:man-db:2.5.5
-
cpe:2.3:a:man-db_project:man-db:2.5.6
-
cpe:2.3:a:man-db_project:man-db:2.5.7
-
cpe:2.3:a:man-db_project:man-db:2.5.8
-
cpe:2.3:a:man-db_project:man-db:2.5.9
-
cpe:2.3:a:man-db_project:man-db:2.6.0
-
cpe:2.3:a:man-db_project:man-db:2.6.0.1
-
cpe:2.3:a:man-db_project:man-db:2.6.0.2
-
cpe:2.3:a:man-db_project:man-db:2.6.1
-
cpe:2.3:a:man-db_project:man-db:2.6.2
-
cpe:2.3:a:man-db_project:man-db:2.6.3
-
cpe:2.3:a:man-db_project:man-db:2.6.4
-
cpe:2.3:a:man-db_project:man-db:2.6.5
-
cpe:2.3:a:man-db_project:man-db:2.6.6
-
cpe:2.3:a:man-db_project:man-db:2.6.7
-
cpe:2.3:a:man-db_project:man-db:2.6.7.1
-
cpe:2.3:a:man-db_project:man-db:2.7.0
-
cpe:2.3:a:man-db_project:man-db:2.7.0.1
-
cpe:2.3:a:man-db_project:man-db:2.7.0.2
-
cpe:2.3:a:man-db_project:man-db:2.7.1
-
cpe:2.3:a:man-db_project:man-db:2.7.2
-
cpe:2.3:a:man-db_project:man-db:2.7.3
-
cpe:2.3:a:man-db_project:man-db:2.7.4
-
cpe:2.3:a:man-db_project:man-db:2.7.5
-
cpe:2.3:a:man-db_project:man-db:2.7.6
-
cpe:2.3:a:man-db_project:man-db:2.7.6.1
-
cpe:2.3:a:man-db_project:man-db:2.8.0
-
cpe:2.3:a:man-db_project:man-db:2.8.1
-
cpe:2.3:a:man-db_project:man-db:2.8.2
-
cpe:2.3:a:man-db_project:man-db:2.8.3
-
cpe:2.3:a:man-db_project:man-db:2.8.4