CVE - CVE-2016-1247

CVE-ID
CVE-2016-1247	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users with access to the web server user account to gain root privileges via a symlink attack on the error log.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:93903 URL:http://www.securityfocus.com/bid/93903 BUGTRAQ:20161121 Nginx (Debian-based distros) - Root Privilege Escalation (CVE-2016-1247) URL:http://www.securityfocus.com/archive/1/539796/100/0/threaded DEBIAN:DSA-3701 URL:http://www.debian.org/security/2016/dsa-3701 EXPLOIT-DB:40768 URL:https://www.exploit-db.com/exploits/40768/ FEDORA:FEDORA-2021-10c1cd4cba URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3WOO7E5R2HT5XVOIOFPEFALILVOWZUF/ FEDORA:FEDORA-2021-1556d440ba URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ESTIADC7BDB6VTH4JAP6C6OCW2CQ4NHP/ FEDORA:FEDORA-2021-3aa9ac7fd1 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CBIZEKHBOCKO7FUMCO4X53ENMWU5OYFX/ FULLDISC:20161116 Nginx (Debian-based distros) - Root Privilege Escalation Vulnerability (CVE-2016-1247) URL:http://seclists.org/fulldisclosure/2016/Nov/78 FULLDISC:20170113 Nginx (Debian-based + Gentoo distros) - Root Privilege Escalation [CVE-2016-1247 UPDATE] URL:http://seclists.org/fulldisclosure/2017/Jan/33 GENTOO:GLSA-201701-22 URL:https://security.gentoo.org/glsa/201701-22 MISC:http://packetstormsecurity.com/files/139750/Nginx-Debian-Based-Distros-Root-Privilege-Escalation.html MISC:https://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html MISC:https://www.youtube.com/watch?v=aTswN1k1fQs SECTRACK:1037104 URL:http://www.securitytracker.com/id/1037104 UBUNTU:USN-3114-1 URL:http://www.ubuntu.com/usn/USN-3114-1
Assigning CNA
Debian GNU/Linux
Date Record Created
20151227	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20151227)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)