Privilege escalation - CVE-2016-1247
Published: October 26, 2016 / Updated: September 14, 2018
Vulnerability identifier: #VU1082
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2016-1247
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
Public exploit is available
Vendor:
Affected software:
Detailed vulnerability description
The vulnerability allows a local user to gain elevated privileges on the target system.
The weakness is due to improper handling of log file permissions in the '/var/log/nginx' directory by nginx packages. A local attacker with 'www-data' user privileges can obtain root privileges on the target system.
Successful exploitation of the vulnerability results in privilege escalation on the vulnerable system.
How to mitigate CVE-2016-1247
Update to version 1.6.2-5+deb8u3.
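One way to audit a host for the log directory permission weakness described above. This is an added example, not part of the original advisory. It assumes GNU stat, and the function name and output format are illustrative.

```shell
#!/bin/sh
# Added example: read-only audit of an nginx log directory for the
# permission weakness behind CVE-2016-1247. It changes nothing on disk.

# audit_log_dir DIR ACCOUNT
#   DIR     log directory to inspect (the advisory names /var/log/nginx)
#   ACCOUNT unprivileged web server account (the advisory names www-data)
# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_log_dir() {
    dir=$1 account=$2 findings=0

    [ -d "$dir" ] || { echo "SKIP: $dir is not a directory"; return 0; }

    # The web server account should not own the log directory.
    owner=$(stat -c %U "$dir")
    if [ "$owner" = "$account" ]; then
        echo "FINDING: $dir is owned by $account"
        findings=$((findings + 1))
    fi

    # Nor should the directory be writable by every local user.
    mode=$(stat -c %a "$dir")
    case $mode in
        *[2367])
            echo "FINDING: $dir is world-writable (mode $mode)"
            findings=$((findings + 1)) ;;
    esac

    # Log entries should be regular files; report symbolic links.
    for entry in "$dir"/*; do
        if [ -L "$entry" ]; then
            echo "FINDING: $entry is a symbolic link to $(readlink "$entry")"
            findings=$((findings + 1))
        fi
    done

    [ "$findings" -eq 0 ]
}

# Stand-alone use: sh audit.sh /var/log/nginx www-data
if [ "$#" -ge 2 ]; then audit_log_dir "$1" "$2"; fi
```

A non-zero exit status means at least one finding was printed and the directory needs review after the package update.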