Ubuntu Vivid CVE-2015-1336 Local Privilege Escalation Vulnerability

Ubuntu Vivid is prone to a local privilege-escalation vulnerability.

A local attacker can exploit this vulnerability to gain elevated privileges.

Information

Bugtraq ID: 79723
Class: Design Error
CVE: CVE-2015-1336

Remote: No
Local: Yes
Published: Dec 17 2015 12:00AM
Updated: Dec 17 2015 12:00AM
Credit: halfdog
Vulnerable: Ubuntu Vivid 0

Not Vulnerable:

Exploit

Attackers require local interactive access to exploit this issue.

References:

• Bug 1292432 - (CVE-2015-1336) CVE-2015-1336 man-db: TOCTOU bug when processing c (Red Hat Bugzilla)
  
• man-db daily cron job TOCTOU bug when processing catman pages (Ubuntu)
  
• TOCTOU bug when processing catman pages (Ubuntu)
  
• Ubuntu Homepage (Ubuntu)
  
• MandbSymlinkLocalRootPrivilegeEscalation (Halfdog)
  

Source: www.securityfocus.com