edit-icon download-icon

[Vulnerability notice] CVE-2016-1247: Local privilege escalation vulnerability in Nginx on Debian and Ubuntu distributions

Last Updated: Apr 08, 2018

On November 15, 2016, security researcher Dawid Golunski detected the local privilege escalation vulnerability in Nginx on Debian and Ubuntu distributions. Nginx server creates log directories with insecure permissions which can be exploited by malicious local attackers to escalate their privileges from nginx/web user (www-data) to root.

Keep yourself updated with this vulnerability to guarantee your service security on Alibaba Cloud.

See the following for more information about the vulnerability.


CVE identifier

CVE-2016-1247

Vulnerability name

Local privilege escalation vulnerability in Nginx on Debian and Ubuntu distributions

Vulnerability rating

High

Vulnerability description

Nginx installed by default based on the Debian system uses the www-data permission to create an Nginx log directory. Local attackers can use symbolic links to replace the log file with any file, to escalate the permission and obtain the server permissions.

This vulnerability allows an attacker to obtain the highest level of permissions on the server, causing data leakage.

Condition and method of exploitation

An attacker can remotely exploit this vulnerability to gain local permissions and then exploit it again to escalate permissions.

Affected scope

Debian: Nginx 1.6.2-5+deb8u3

Ubuntu:

  • Ubuntu 16.04LTS: 1.10.0-0ubuntu0.16.04.3
  • Ubuntu 14.04 LTS: 1.4.6-1ubuntu3.6
  • Ubuntu 16.10:1.10.1-0ubuntu1.1

How to fix or mitigate

Upgrade Nginx to the latest version. The download address is as follows:

Reference

[1]. https://legalhackers.com
[2]. https://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html
[3]. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1247
[4]. https://security-tracker.debian.org/tracker/CVE-2016-1247

Thank you! We've received your feedback.