The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users with access to the web server user account to gain root privileges via a symlink attack on the error log.
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
|
History
07 Nov 2023, 02:29
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
14 Dec 2021, 21:04
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* |
|
References | (FULLDISC) http://seclists.org/fulldisclosure/2017/Jan/33 - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ESTIADC7BDB6VTH4JAP6C6OCW2CQ4NHP/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CBIZEKHBOCKO7FUMCO4X53ENMWU5OYFX/ - Mailing List, Third Party Advisory | |
References | (BUGTRAQ) http://www.securityfocus.com/archive/1/539796/100/0/threaded - Third Party Advisory, VDB Entry | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3WOO7E5R2HT5XVOIOFPEFALILVOWZUF/ - Mailing List, Third Party Advisory | |
References | (MISC) https://www.youtube.com/watch?v=aTswN1k1fQs - Exploit, Third Party Advisory | |
References | (EXPLOIT-DB) https://www.exploit-db.com/exploits/40768/ - Exploit, Third Party Advisory, VDB Entry | |
References | (GENTOO) https://security.gentoo.org/glsa/201701-22 - Third Party Advisory |
10 Nov 2021, 16:00
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:* |
30 Apr 2021, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
29 Apr 2021, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2016-11-29 17:59
Updated : 2023-12-10 12:01
NVD link : CVE-2016-1247
Mitre link : CVE-2016-1247
CVE.ORG link : CVE-2016-1247
JSON object : View
Products Affected
debian
- debian_linux
f5
- nginx
fedoraproject
- fedora
canonical
- ubuntu_linux
CWE
CWE-59
Improper Link Resolution Before File Access ('Link Following')