Nginx (Debian-based distros) – Root Privilege Escalation Vulnerability (CVE-2016-1247)

Posted by Dawid Golunski on Nov 16

Vulnerability: Nginx (Debian-based distros) – Root Privilege
Escalation (CVE-2016-1247)

Discovered by: Dawid Golunski (@dawid_golunski)
https://legalhackers.com

Nginx web server packaging on Debian-based distributions such as Debian or
Ubuntu was found to create log directories with insecure permissions which
can be exploited by malicious local attackers to escalate their privileges
from nginx/web user (www-data) to root.
The vulnerability…

Leave a Reply