Linux Man Malicious Cache File Creation Vulnerability

Removing the setuid bit from '/usr/lib/man-db/mandb' will eliminate the possibility of immediately gaining uid 'man'. It may also be advisable to remove the setuid bit from '/usr/lib/man-db/man' as well.

Vendor updates which rectify this issue are available:

Debian Linux 2.2


Privacy Statement
Copyright 2010, SecurityFocus