The Debian man-db package is a command-line tool for managing manual pages. This vulnerability allows local users to overwrite files via a symlink attack, potentially leading to unauthorized modifications of system files.
The Debian man-db package is a command-line tool for managing manual pages. This vulnerability allows local users to overwrite files via a symlink attack, potentially leading to unauthorized modifications of system files.
You're affected if you use Debian man-db version 4.2.1-3 or earlier.
Check with: dpkg -l man-db | grep man-db (Note: This command checks for the presence of the package, not its version.)
This is a specific vulnerability in the Debian package manager and not related to other packages like man-pages, which might be confused with it.
Upgrade to Debian man-db 4.2.1-3 or later.
sudo apt-get update && sudo apt-get install man-db
- Immediate mitigations:
- Remove any unnecessary symlinks in /usr/share/man (use find /usr/share/man -type l | xargs rm)
- Limit user privileges to prevent potential attacks