NGINX: Privilege escalation — GLSA 201701-22

Gentoo's NGINX ebuilds are vulnerable to privilege escalation due to the way log files are handled.

Affected packages

www-servers/nginx on all architectures
Affected versions < 1.10.2-r3
Unaffected versions >= 1.10.2-r3

Background

nginx is a robust, small, and high performance HTTP and reverse proxy server.

Description

It was discovered that Gentoo’s default NGINX installation applied similar problematic permissions on “/var/log/nginx” as Debian (DSA-3701) and is therefore vulnerable to the same attack described in CVE-2016-1247.

Impact

A local attacker, who either is already NGINX’s system user or belongs to NGINX’s group, could potentially escalate privileges.

Workaround

Ensure that no untrusted user can create files in directories which are used by NGINX (or an NGINX vhost) to store log files.

Resolution

All NGINX users should upgrade to the latest ebuild revision:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.10.2-r3"
 

References

Release date
January 11, 2017

Latest revision
January 11, 2017: 1

Severity
normal

Exploitable
local

Bugzilla entries