GLSA-201707-12 : MAN DB: Privilege escalation
High Nessus Plugin ID 101343
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-201707-12 (MAN DB: Privilege escalation)
The /var/cache/man directory as part of the MAN DB package has group permissions set to root.
A local user who does not belong to the root group, but has the ability to modify the /var/cache/man directory can escalate privileges to the group root.
There is no known workaround at this time.
SolutionAll MAN DB users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=sys-apps/man-db-22.214.171.124-r2:0'