[arch-security] [ASA-201701-23] nginx: privilege escalation
Levente Polyak
anthraxx at archlinux.org
Sun Jan 15 21:40:19 UTC 2017
Arch Linux Security Advisory ASA-201701-23
==========================================
Severity: High
Date : 2017-01-15
CVE-ID : CVE-2016-1247
Package : nginx
Type : privilege escalation
Remote : No
Link : https://security.archlinux.org/AVG-138
Summary
=======
The package nginx before version 1.10.2-3 is vulnerable to privilege
escalation.
Resolution
==========
Upgrade to 1.10.2-3.
# pacman -Syu "nginx>=1.10.2-3"
The problem has been fixed upstream but no release is available yet.
Workaround
==========
None.
Description
===========
A symlink attack vulnerability was discovered in nginx. An attacker who
could already run commands under the nginx user id could use this
access to append data to files owned by root, potentially elevating
their own privileges to root.
Impact
======
A remote attacker who managed to compromise a web application is able
to obtain root privileges on the affected host.
References
==========
https://bugs.archlinux.org/task/52546
https://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html
https://security.archlinux.org/CVE-2016-1247
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20170115/72659bea/attachment.asc>
More information about the arch-security
mailing list