NGINX: Privilege escalation

2017-01-11T00:00:00
ID GLSA-201701-22
Type gentoo
Reporter Gentoo Foundation
Modified 2017-01-11T00:00:00

Description

Background

nginx is a robust, small, and high performance HTTP and reverse proxy server.

Description

It was discovered that Gentoo’s default NGINX installation applied similar problematic permissions on “/var/log/nginx” as Debian (DSA-3701) and is therefore vulnerable to the same attack described in CVE-2016-1247.

Impact

A local attacker, who either is already NGINX’s system user or belongs to NGINX’s group, could potentially escalate privileges.

Workaround

Ensure that no untrusted user can create files in directories which are used by NGINX (or an NGINX vhost) to store log files.

Resolution

All NGINX users should upgrade to the latest ebuild revision:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.10.2-r3"