ID:445 - Exploit for Privilege escalation - CVE-2016-1247
Published: March 18, 2020
Vulnerability identifier: #VU1082
Vulnerability risk: Low
CVE-ID: CVE-2016-1247
CWE-ID: CWE-264
Exploitation vector: Local access
Vulnerable software:
Link to public exploit:
Vulnerability description
The vulnerability allows a local user to gain elevated privileges on the target system.
The weakness is due to improper handling of log file permissions in the '/var/log/nginx' directory by nginx packages. A locall attacker with 'www-data' user privileges can obtain root privileges on the target system.
Successful exploitation of the vulnerability results in privilege escalation on the vulnerable system.
The weakness is due to improper handling of log file permissions in the '/var/log/nginx' directory by nginx packages. A locall attacker with 'www-data' user privileges can obtain root privileges on the target system.
Successful exploitation of the vulnerability results in privilege escalation on the vulnerable system.
Remediation
Update to version 1.6.2-5+deb8u3.