CVE-2015-1336

HIGH

Man-db <2.7.6.1-1 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-1336. PoCs published by halfdog.

AI-analyzed exploit summary This exploit leverages a setgid directory privilege escalation vulnerability (CVE-2015-1336) to escalate from 'man:man' to 'man:root' and then to 'root:root'. It involves creating a setgid binary in /var/cache/man and manipulating file ownership via symlinks during a cronjob execution.

Description

The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use.

Exploits (1)

exploitdb WORKING POC VERIFIED

by halfdog · locallinux

https://www.exploit-db.com/exploits/41158

View Code ZIP pw:eip

This exploit leverages a setgid directory privilege escalation vulnerability (CVE-2015-1336) to escalate from 'man:man' to 'man:root' and then to 'root:root'. It involves creating a setgid binary in /var/cache/man and manipulating file ownership via symlinks during a cronjob execution.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Complex

Reliability

Racy

Target: Linux kernel (specific versions with vulnerable setgid handling)

Auth required

Prerequisites: Access to a user with 'man' group membership · Cronjob execution of mandb · Presence of writable files owned by root

MITRE ATT&CK