QwikSec

Security Database

CVE

CWE

Training

CVE-2016-1247

Published: Nov 29, 2016

Modified: Aug 5, 2024

PUBLISHED

Description

The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users with access to the web server user account to gain root privileges via a symlink attack on the error log.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

exploit

x_refsource_EXPLOIT-DB

20161121 Nginx (Debian-based distros) - Root Privilege Escalation (CVE-2016-1247)

mailing-list

x_refsource_BUGTRAQ

vendor-advisory

x_refsource_DEBIAN

https://www.youtube.com/watch?v=aTswN1k1fQs

x_refsource_MISC

vdb-entry

x_refsource_BID

https://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html

x_refsource_MISC

vendor-advisory

x_refsource_UBUNTU

20170113 Nginx (Debian-based + Gentoo distros) - Root Privilege Escalation [CVE-2016-1247 UPDATE]

mailing-list

x_refsource_FULLDISC

vendor-advisory

x_refsource_GENTOO

vdb-entry

x_refsource_SECTRACK

20161116 Nginx (Debian-based distros) - Root Privilege Escalation Vulnerability (CVE-2016-1247)

mailing-list

x_refsource_FULLDISC

http://packetstormsecurity.com/files/139750/Nginx-Debian-Based-Distros-Root-Privilege-Escalation.html

x_refsource_MISC

FEDORA-2021-10c1cd4cba

vendor-advisory

x_refsource_FEDORA

FEDORA-2021-1556d440ba

vendor-advisory

x_refsource_FEDORA

FEDORA-2021-3aa9ac7fd1

vendor-advisory

x_refsource_FEDORA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.