Linux Man Malicious Cache File Creation Vulnerability
Removing the setuid bit from '/usr/lib/man-db/mandb' will eliminate the possibility of immediately gaining uid 'man'. It may also be advisable to remove the setuid bit from '/usr/lib/man-db/man' as well.
Vendor updates which rectify this issue are available:
Debian Linux 2.2