GLSA-201701-22 : NGINX: Privilege escalation

high Nessus Plugin ID 96416

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-201701-22 (NGINX: Privilege escalation).

It was discovered that Gentoo’s default NGINX installation applied problematic permissions to “/var/log/nginx”, similar to those in Debian (DSA-3701), and is therefore vulnerable to the same attack described in CVE-2016-1247.

Impact:

A local attacker, who either is already NGINX’s system user or belongs to NGINX’s group, could potentially escalate privileges.

Workaround:

Ensure that no untrusted user can create files in directories which are used by NGINX (or an NGINX vhost) to store log files.
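
One way to audit a host against this workaround, as an added example that is not part of the advisory or the Nessus plugin. The function names, the `TRUSTED_UID` variable and the policy that only uid 0 may create files in a log directory are assumptions, as are GNU `stat` and one directive per line in the NGINX configuration.

```shell
#!/bin/sh
# Added example (not from the advisory): audit the directories NGINX logs into.
# Assumptions: GNU stat; only TRUSTED_UID (default 0) should be able to create
# files in a log directory; config files hold one directive per line.
TRUSTED_UID="${TRUSTED_UID:-0}"

# Print the directory of every absolute access_log/error_log path found in the
# given config files. "off", stderr, syslog: and relative paths are skipped.
log_dirs_from_conf() {
    awk '($1 == "access_log" || $1 == "error_log") && $2 ~ /^\// {
             p = $2; sub(/;$/, "", p); sub(/\/[^\/]*$/, "", p)
             print (p == "" ? "/" : p)
         }' "$@" | sort -u
}

# Return 0 if only TRUSTED_UID can create files in DIR, 1 if someone else can
# (or DIR is a symlink), 2 if DIR is not a directory.
check_log_dir() {
    local dir="$1" uid mode rc=0
    if [ -L "$dir" ]; then echo "FINDING $dir: is a symlink"; return 1; fi
    [ -d "$dir" ] || { echo "SKIP $dir: not a directory"; return 2; }
    uid=$(stat -c '%u' "$dir")
    mode=$(stat -c '%a' "$dir")
    if [ "$uid" != "$TRUSTED_UID" ]; then
        echo "FINDING $dir: owned by uid $uid, expected $TRUSTED_UID"; rc=1
    fi
    # 0022 = write bits for group and others
    if [ $(( 0$mode & 0022 )) -ne 0 ]; then
        echo "FINDING $dir: mode $mode is group- or world-writable"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK $dir: uid $uid, mode $mode"; fi
    return "$rc"
}

# Usage: sh audit.sh /etc/nginx/nginx.conf [vhost.conf ...]
if [ "$#" -gt 0 ]; then
    log_dirs_from_conf "$@" | while IFS= read -r d; do check_log_dir "$d"; done
fi
```

Log paths given relative to the NGINX prefix, and files pulled in through `include`, are not followed; pass each config file explicitly.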

Solution

All NGINX users should upgrade to the latest ebuild revision:
# emerge --sync
# emerge --ask --oneshot --verbose '>=www-servers/nginx-1.10.2-r3'

See Also

https://www.debian.org/security/2016/dsa-3701

http://www.nessus.org/u?e1440e63

https://security.gentoo.org/glsa/201701-22

Plugin Details

Severity: High

ID: 96416

File Name: gentoo_GLSA-201701-22.nasl

Version: 3.3

Type: local

Published: 1/12/2017

Updated: 1/11/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:nginx, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/11/2017

Reference Information

CVE: CVE-2016-1247

GLSA: 201701-22