#VU1082 Privilege escalation - CVE-2016-1247
Published: October 26, 2016 / Updated: September 14, 2018
Vulnerability identifier: #VU1082
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2016-1247
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
Public exploit is available
Vulnerable software:
Software vendor:
Description
The vulnerability allows a local user to gain elevated privileges on the target system.
The weakness is due to improper handling of log file permissions in the '/var/log/nginx' directory by nginx packages. A local attacker with 'www-data' user privileges can obtain root privileges on the target system.
Successful exploitation of the vulnerability results in privilege escalation on the vulnerable system.
Remediation
Update to version 1.6.2-5+deb8u3.
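To confirm the remediation on a host, the following added example (not part of the original advisory or of the nginx packages) audits the ownership and mode of the log directory and compares the installed package version with the fixed version above. The package name nginx-common, the function names and the finding labels are assumptions, and the version comparison is only meaningful for the package series that the fixed version string belongs to.

```sh
#!/bin/sh
# Added example: defensive audit for CVE-2016-1247 on a dpkg-based host.
# FIXED is the version named in the advisory; PKG is an assumed package name.
FIXED="1.6.2-5+deb8u3"
PKG="nginx-common"

# Print one finding per line for the log directory $1; nothing if it looks sane.
audit_log_dir() {
    dir="$1"
    [ -d "$dir" ] || { echo "MISSING $dir"; return 0; }
    # A directory owned by a non-root account lets that account swap log files.
    if [ -n "$(find "$dir" -maxdepth 0 ! -user 0)" ]; then
        echo "OWNER $dir is not owned by root"
    fi
    # Group or world write access on the directory has the same effect.
    if [ -n "$(find "$dir" -maxdepth 0 \( -perm -020 -o -perm -002 \))" ]; then
        echo "WRITABLE $dir is group- or world-writable"
    fi
    # Log files are expected to be regular files; report any symlink for review.
    for f in "$dir"/*; do
        if [ -L "$f" ]; then
            echo "SYMLINK $f -> $(readlink "$f")"
        fi
    done
    return 0
}

# Compare the installed package version with FIXED using dpkg's own ordering.
check_pkg_version() {
    command -v dpkg-query >/dev/null 2>&1 || { echo "SKIP dpkg not available"; return 0; }
    v="$(dpkg-query -W -f='${Version}' "$PKG" 2>/dev/null)" || v=""
    [ -n "$v" ] || { echo "SKIP $PKG not installed"; return 0; }
    if dpkg --compare-versions "$v" lt "$FIXED"; then
        echo "OLDER $PKG $v is older than $FIXED"
    else
        echo "OK $PKG $v is at or above $FIXED"
    fi
}

audit_log_dir "${1:-/var/log/nginx}"
check_pkg_version
```

Any OWNER, WRITABLE or SYMLINK line on a host that serves untrusted web content warrants a closer look even when the package version reports OK.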