On November 15, 2016, security researcher Dawid Golunski detected the local privilege escalation vulnerability in Nginx on Debian and Ubuntu distributions. Nginx server creates log directories with insecure permissions which can be exploited by malicious local attackers to escalate their privileges from nginx/web user (www-data) to root.
Keep yourself updated with this vulnerability to guarantee your service security on Alibaba Cloud.
See the following for more information about the vulnerability.
Local privilege escalation vulnerability in Nginx on Debian and Ubuntu distributions
Nginx installed by default based on the Debian system uses the www-data permission to create an Nginx log directory. Local attackers can use symbolic links to replace the log file with any file, to escalate the permission and obtain the server permissions.
This vulnerability allows an attacker to obtain the highest level of permissions on the server, causing data leakage.
Condition and method of exploitation
An attacker can remotely exploit this vulnerability to gain local permissions and then exploit it again to escalate permissions.
Debian: Nginx 1.6.2-5+deb8u3
- Ubuntu 16.04LTS: 1.10.0-0ubuntu0.16.04.3
- Ubuntu 14.04 LTS: 1.4.6-1ubuntu3.6
- Ubuntu 16.10:1.10.1-0ubuntu1.1
How to fix or mitigate
Upgrade Nginx to the latest version. The download address is as follows:
- For Debian: https://www.debian.org/security/2016/dsa-3701
- For Ubuntu: https://www.ubuntu.com/usn/usn-3114-1/