Date: Wed, 16 Nov 2016 01:15:02 -0200 From: Dawid Golunski <dawid@...alhackers.com> To: oss-security@...ts.openwall.com Subject: Nginx (Debian-based distros) - Root Privilege Escalation Vulnerability (CVE-2016-1247) Vulnerability: Nginx (Debian-based distros) - Root Privilege Escalation Exploit (CVE-2016-1247) Discovered by: Dawid Golunski (@dawid_golunski) https://legalhackers.com Nginx web server packaging on Debian-based distributions such as Debian or Ubuntu was found to create log directories with insecure permissions which can be exploited by malicious local attackers to escalate their privileges from nginx/web user (www-data) to root. The vulnerability could be easily exploited by attackers who have managed to compromise a web application hosted on Nginx server and gained access to www-data account to escalate their privileges to root without any admin interaction thanks to cron.daily. Vulnerability fixed in the following packages: Nginx 1.6.2-5+deb8u3 package on Debian Nginx 1.10.0-0ubuntu0.16.04.3 on Ubuntu (16.04 LTS) The up-to-date advisory can be found at: https://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html For updates, follow: https://twitter.com/dawid_golunski Copy of the exploit is also attached to this message. Download attachment "nginxed-root.sh" of type "application/x-sh" (7235 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.