Nginx (Debian-Based Distros) Root Privilege Escalation

Posted by deepcore on November 18, 2016 – 3:04 am

Nginx web server packaging on Debian-based distributions such as Debian or Ubuntu was found to create log directories with insecure permissions which can be exploited by malicious local attackers to escalate their privileges from nginx/web user (www-data) to root. The vulnerability could be easily exploited by attackers who have managed to compromise a web application hosted on Nginx server and gained access to www-data account as it would allow them to escalate their privileges further to root access and fully compromise the system. This is fixed in 1.6.2-5+deb8u3 package on Debian and 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« Microsoft Edge Eval Type Confusion Apple iOS 10.1 – Multiple Access Permission Vulnerabilities »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Nginx (Debian-Based Distros) Root Privilege Escalation

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL