CVE-2016-1247

Source
Severity High
Remote No
Type Privilege escalation
Description
A symlink attack vulnerability was discovered in nginx. An attacker who could already run commands under the nginx user id could use this access to append data to files owned by root, potentially elevating their own privileges to root.
Group Package Affected Fixed Severity Status Ticket
AVG-139 nginx-mainline 1.11.8-1 1.11.8-2 High Fixed FS#52547
AVG-138 nginx 1.10.2-2 1.10.2-3 High Fixed FS#52546
Date Advisory Group Package Severity Description
15 Jan 2017 ASA-201701-24 AVG-139 nginx-mainline High privilege escalation
15 Jan 2017 ASA-201701-23 AVG-138 nginx High privilege escalation
References
https://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html