Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-3701.NASL
HistoryOct 26, 2016 - 12:00 a.m.

Debian DSA-3701-1 : nginx - security update

2016-10-2600:00:00
This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
28
JSON

Dawid Golunski reported the nginx web server packages in Debian suffered from a privilege escalation vulnerability (www-data to root) due to the way log files are handled. This security update changes ownership of the /var/log/nginx directory root. In addition, /var/log/nginx has to be made accessible to local users, and local users may be able to read the log files themselves local until the next logrotate invocation.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-3701. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(94260);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2016-1247");
  script_xref(name:"DSA", value:"3701");

  script_name(english:"Debian DSA-3701-1 : nginx - security update");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Dawid Golunski reported the nginx web server packages in Debian
suffered from a privilege escalation vulnerability (www-data to root)
due to the way log files are handled. This security update changes
ownership of the /var/log/nginx directory root. In addition,
/var/log/nginx has to be made accessible to local users, and local
users may be able to read the log files themselves local until the
next logrotate invocation."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/jessie/nginx"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2016/dsa-3701"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the nginx packages.

For the stable distribution (jessie), this problem has been fixed in
version 1.6.2-5+deb8u3."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nginx");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2016/10/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/10/26");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"8.0", prefix:"nginx", reference:"1.6.2-5+deb8u3")) flag++;
if (deb_check(release:"8.0", prefix:"nginx-common", reference:"1.6.2-5+deb8u3")) flag++;
if (deb_check(release:"8.0", prefix:"nginx-doc", reference:"1.6.2-5+deb8u3")) flag++;
if (deb_check(release:"8.0", prefix:"nginx-extras", reference:"1.6.2-5+deb8u3")) flag++;
if (deb_check(release:"8.0", prefix:"nginx-extras-dbg", reference:"1.6.2-5+deb8u3")) flag++;
if (deb_check(release:"8.0", prefix:"nginx-full", reference:"1.6.2-5+deb8u3")) flag++;
if (deb_check(release:"8.0", prefix:"nginx-full-dbg", reference:"1.6.2-5+deb8u3")) flag++;
if (deb_check(release:"8.0", prefix:"nginx-light", reference:"1.6.2-5+deb8u3")) flag++;
if (deb_check(release:"8.0", prefix:"nginx-light-dbg", reference:"1.6.2-5+deb8u3")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxnginxp-cpe:/a:debian:debian_linux:nginx
debiandebian_linux8.0cpe:/o:debian:debian_linux:8.0

Related

fedora 3
exploitpack 1
openvas 5
packetstorm 1
debian 3
nessus 2
prion 1
myhack58 2
debiancve 1
cvelist 1
redhatcve 1
gentoo 1
zdt 1
cve 1
archlinux 2
seebug 1
exploitdb 1
ubuntucve 2
fedora
fedora
[SECURITY] Fedora 32 Update: nginx-1.20.0-2.fc32
2021-04-29 01:22:36
[SECURITY] Fedora 34 Update: nginx-1.20.0-2.fc34
2021-04-30 00:55:56
[SECURITY] Fedora 33 Update: nginx-1.20.0-2.fc33
2021-04-29 00:58:09
exploitpack
exploitpack
Nginx (Debian Based Distros + Gentoo) - logrotate Local Privilege Escalation
2016-11-16 00:00:00
openvas
openvas
Debian Security Advisory DSA 3701-1 (nginx - security update)
2016-10-25 00:00:00
Fedora: Security Advisory for nginx (FEDORA-2021-10c1cd4cba)
2021-05-01 00:00:00
Ubuntu: Security Advisory (USN-3114-1)
2016-10-26 00:00:00
packetstorm
packetstorm
Nginx Root Privilege Escalation
2016-11-16 00:00:00
debian
debian
[SECURITY] [DSA 3701-1] nginx security update
2016-10-25 19:07:07
[SECURITY] [DSA 3701-2] nginx regression update
2016-10-28 04:56:41
[SECURITY] [DSA 3701-2] nginx regression update
2016-10-28 04:56:41
nessus
nessus
Amazon Linux 2 : nginx (ALASNGINX1-2023-005)
2023-09-27 00:00:00
GLSA-201701-22 : NGINX: Privilege escalation
2017-01-12 00:00:00
prion
prion
Code injection
2016-11-29 17:59:00
myhack58
myhack58
Nginx elevation of privilege vulnerability(CVE-2016-1247) analysis-vulnerability warning-the black bar safety net
2016-12-03 00:00:00
Linux application permissions incorrectly can provide the right series vulnerability analysis-vulnerability warning-the black bar safety net
2016-11-29 00:00:00
debiancve
debiancve
CVE-2016-1247
2016-11-29 17:59:00
cvelist
cvelist
CVE-2016-1247
2016-11-29 17:00:00
redhatcve
redhatcve
CVE-2016-1247
2016-10-31 12:47:18
gentoo
gentoo
NGINX: Privilege escalation
2017-01-11 00:00:00
zdt
zdt
Nginx (Debian-Based Distributions) - Local Privilege Escalation Exploit
2016-11-16 00:00:00
cve
cve
CVE-2016-1247
2016-11-29 17:59:00
archlinux
archlinux
[ASA-201701-24] nginx-mainline: privilege escalation
2017-01-15 00:00:00
[ASA-201701-23] nginx: privilege escalation
2017-01-15 00:00:00
seebug
seebug
Nginx privilege elevation vulnerability (Debian, Ubuntu distributions)
2016-11-16 00:00:00
exploitdb
exploitdb
Nginx (Debian Based Distros + Gentoo) - 'logrotate' Local Privilege Escalation
2016-11-16 00:00:00
ubuntucve
ubuntucve
CVE-2016-1247
2016-10-25 00:00:00
CVE-2013-0337
2013-10-27 00:00:00
JSON
Related for DEBIAN_DSA-3701.NASL
fedora3exploitpack1openvas5packetstorm1debian3nessus2prion1myhack582debiancve1cvelist1redhatcve1gentoo1zdt1cve1archlinux2seebug1exploitdb1ubuntucve2