6244 matches found
Nginx elevation of privilege vulnerability (CVE-2016-1247) analysis-vulnerability warning-the black bar safety net
0x00 Vulnerability overview 1. Vulnerability description: 11 on 15 September, foreign security researcher Dawid Golunski disclosed a new Nginx vulnerability, CVE-2016-1247, which can affect Debian-based distributions. Nginx is currently a mainstream multi-purpose server, and thus its harm...
CVE-2016-1247
The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users with access...
Code injection
The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users with access...
DEBIAN-CVE-2016-1247
The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users with access...
CVE-2016-1247
CVE-2016-1247 affects nginx products (Debian, Ubuntu, Gentoo) where older nginx binaries (e.g., Debian jessie <1.6.2-5+deb8u3; Ubuntu 14.04/16.04/16.10 < listed versions; Gentoo ebuild = 1.10.2 on Gentoo, 1.10.2-3 on Arch, newer upstream branches). An in-wild PoC exploit exists (logrotate-b...
Linux application permissions incorrectly can provide the right series vulnerability analysis-vulnerability warning-the black bar safety net
Foreword: Linux has a powerful file management system. In actual use, although it provides great convenience for work, improper handling of permissions may cause a certain security risk, such as in the operation of files, changing some folder permissions, when the use of some can be freely...
Peplink NGxxx/LCxxx VPN-Firewall Open Redirect
Peplink NGxxx/LCxxx VPN-Firewall Open Redirect Vulnerability Vendor: Qingdao Xunbo Information Technology Co., Ltd. Product web page: http://www.peplink.net Affected version: PEPLINK NG300 VPN-Firewall PEPLINK NG320-VPN-Firewall PEPLINK NG500-VPN-Firewall PEPLINK NG520-VPN-Firewall PEPLINK...
EasyPHP Devserver 16.1.1 - Cross-Site Request Forgery / Remote Command Execution
Exploit for php platform in category web applications + Credits: John Page aka hyp3rlinx Vendor: =============== www.easyphp.org Product: ============================= EasyPHP Devserver v16.1.1 easyphp-devserver-16.1.1-setup.exe hash: 64184d330a34be9e6c029ffa63c903de A complete WAMP environment f...
EasyPHP Devserver 16.1.1 - Cross-Site Request Forgery Remote Command Execution
EasyPHP Devserver 16.1.1 - Cross-Site Request Forgery Remote Command Execution + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/EASYPHP-DEV-SERVER-REMOTE-CMD-EXECUTION.txt + ISR: ApparitionSec Vendor: ===============...
WordPress Plugin Olimometer 2.56 - SQL Injection
WordPress Plugin Olimometer 2.56 - SQL Injection Exploit Title: Olimometer Plugin for WordPress – Sql Injection Date: 14/11/2016 Exploit Author: TAD GROUP Vendor Homepage: https://wordpress.org/plugins/olimometer/ Software Link: https://wordpress.org/plugins/olimometer/ Contact: infoattad.group...
Pushwoosh: Nginx version disclosure via response header
Nginx version disclosure. Non-critical, a little information disclosure...
Nginx privilege elevation vulnerability (Debian, Ubuntu distributions)
Discovered by: Dawid Golunski - dawidatlegalhackers.com - https://legalhackers.com - Release date: 15.11.2016 - Revision 1.0 I. VULNERABILITY ------------------------- Nginx Debian-based distros - Root Privilege Escalation Fixed in 1.6.2-5+deb8u3 package on Debian, and 1.10.0-0ubuntu0.16.04.3 on...
Nginx (Debian Based Distros + Gentoo) - logrotate Local Privilege Escalation
Nginx Debian Based Distros + Gentoo - logrotate Local Privilege Escalation !/bin/bash Nginx Debian-based distros + Gentoo - Root Privilege Escalation PoC Exploit nginxed-root.sh ver. 1.0 CVE-2016-1247 Discovered and coded by: Dawid Golunski dawidatlegalhackers.com https://legalhackers.com Follow...
Nginx Root Privilege Escalation
Discovered by: Dawid Golunski - dawidatlegalhackers.com - https://legalhackers.com - CVE-2016-1247 - Release date:...
Nginx (Debian Based Distros + Gentoo) - 'logrotate' Local Privilege Escalation
!/bin/bash Nginx Debian-based distros + Gentoo - Root Privilege Escalation PoC Exploit nginxed-root.sh ver. 1.0 CVE-2016-1247 Discovered and coded by: Dawid Golunski dawidatlegalhackers.com https://legalhackers.com Follow https://twitter.com/dawidgolunski for updates on this advisory. --- This Po...
Nginx (Debian-Based Distributions) - Local Privilege Escalation Exploit
Exploit for linux platform in category local exploits !/bin/bash Source: http://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html Nginx Debian-based distros - Root Privilege Escalation PoC Exploit nginxed-root.sh ver. 1.0 CVE-2016-1247 Discovered and coded by: Dawid...
Pushwoosh: Nginx server version disclosure
Design Issue, Information Disclosure, Low Severity...