Gentoo's NGINX ebuilds are vulnerable to privilege escalation due to the way log files are handled.
Package | www-servers/nginx on all architectures |
---|---|
Affected versions | < 1.10.2-r3 |
Unaffected versions | >= 1.10.2-r3 |
nginx is a robust, small, and high performance HTTP and reverse proxy server.
It was discovered that Gentoo’s default NGINX installation applied similar problematic permissions on “/var/log/nginx” as Debian (DSA-3701) and is therefore vulnerable to the same attack described in CVE-2016-1247.
A local attacker, who either is already NGINX’s system user or belongs to NGINX’s group, could potentially escalate privileges.
Ensure that no untrusted user can create files in directories which are used by NGINX (or an NGINX vhost) to store log files.
All NGINX users should upgrade to the latest ebuild revision:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.10.2-r3"
Release date
January 11, 2017
Latest revision
January 11, 2017: 1
Severity
normal
Exploitable
local
Bugzilla entries