Linux Man Malicious Cache File Creation Vulnerability

Solution:
Removing the setuid bit from '/usr/lib/man-db/mandb' will eliminate the possibility of immediately gaining uid 'man'. It may also be advisable to remove the setuid bit from '/usr/lib/man-db/man' as well.

Vendor updates which rectify this issue are available:


Debian Linux 2.2


 

Privacy Statement
Copyright 2010, SecurityFocus