Subject: [ASA-201701-23] nginx: privilege escalation Arch Linux Security Advisory ASA-201701-23 ========================================== Severity: High Date : 2017-01-15 CVE-ID : CVE-2016-1247 Package : nginx Type : privilege escalation Remote : No Link : https://security.archlinux.org/AVG-138 Summary ======= The package nginx before version 1.10.2-3 is vulnerable to privilege escalation. Resolution ========== Upgrade to 1.10.2-3. # pacman -Syu "nginx>=1.10.2-3" The problem has been fixed upstream but no release is available yet. Workaround ========== None. Description =========== A symlink attack vulnerability was discovered in nginx. An attacker who could already run commands under the nginx user id could use this access to append data to files owned by root, potentially elevating their own privileges to root. Impact ====== A remote attacker who managed to compromise a web application is able to obtain root privileges on the affected host. References ========== https://bugs.archlinux.org/task/52546 https://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html https://security.archlinux.org/CVE-2016-1247