Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 16 Nov 2016 01:15:02 -0200
From: Dawid Golunski <dawid@...alhackers.com>
To: oss-security@...ts.openwall.com
Subject: Nginx (Debian-based distros) - Root Privilege Escalation
 Vulnerability (CVE-2016-1247)

Vulnerability: Nginx (Debian-based distros) - Root Privilege
Escalation Exploit (CVE-2016-1247)

Discovered by: Dawid Golunski (@dawid_golunski)
https://legalhackers.com

Nginx web server packaging on Debian-based distributions such as Debian or
Ubuntu was found to create log directories with insecure permissions which
can be exploited by malicious local attackers to escalate their privileges
from nginx/web user (www-data) to root.
The vulnerability could be easily exploited by attackers who have managed to
compromise a web application hosted on Nginx server and gained access to
www-data account to escalate their privileges to root without any
admin interaction thanks to cron.daily.

Vulnerability fixed in the following packages:
Nginx 1.6.2-5+deb8u3 package on Debian
Nginx 1.10.0-0ubuntu0.16.04.3 on Ubuntu (16.04 LTS)


The up-to-date advisory can be found at:

https://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html

For updates, follow:

https://twitter.com/dawid_golunski

Copy of the exploit is also attached to this message.

Download attachment "nginxed-root.sh" of type "application/x-sh" (7235 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.