[arch-security] [ASA-201701-24] nginx-mainline: privilege escalation

Levente Polyak anthraxx at archlinux.org
Sun Jan 15 21:41:26 UTC 2017


Arch Linux Security Advisory ASA-201701-24
==========================================

Severity: High
Date    : 2017-01-15
CVE-ID  : CVE-2016-1247
Package : nginx-mainline
Type    : privilege escalation
Remote  : No
Link    : https://security.archlinux.org/AVG-139

Summary
=======

The package nginx-mainline before version 1.11.8-2 is vulnerable to
privilege escalation.

Resolution
==========

Upgrade to 1.11.8-2.

# pacman -Syu "nginx-mainline>=1.11.8-2"

The problem has been fixed upstream but no release is available yet.

Workaround
==========

None.

Description
===========

A symlink attack vulnerability was discovered in nginx. An attacker who
could already run commands under the nginx user id could use this
access to append data to files owned by root, potentially elevating
their own privileges to root.

Impact
======

A remote attacker who managed to compromise a web application is able
to obtain root privileges on the affected host.

References
==========

https://bugs.archlinux.org/task/52547
https://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html
https://security.archlinux.org/CVE-2016-1247

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20170115/5f7bbb7c/attachment.asc>


More information about the arch-security mailing list