CVE-2016-1247 log
| Source |
|
| Severity | High |
| Remote | No |
| Type | Privilege escalation |
| Description | A symlink attack vulnerability was discovered in nginx. An attacker who could already run commands under the nginx user id could use this access to append data to files owned by root, potentially elevating their own privileges to root. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-139 | nginx-mainline | 1.11.8-1 | 1.11.8-2 | High | Fixed | FS#52547 |
| AVG-138 | nginx | 1.10.2-2 | 1.10.2-3 | High | Fixed | FS#52546 |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 15 Jan 2017 | ASA-201701-24 | AVG-139 | nginx-mainline | High | privilege escalation |
| 15 Jan 2017 | ASA-201701-23 | AVG-138 | nginx | High | privilege escalation |
| References |
|---|
https://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html |