GLSA-201701-22 : NGINX: Privilege escalation

High Nessus Plugin ID 96416


The remote Gentoo host is missing one or more security-related patches.


The remote host is affected by the vulnerability described in GLSA-201701-22 (NGINX: Privilege escalation)

It was discovered that Gentoo’s default NGINX installation applied similar problematic permissions on “/var/log/nginx” as Debian (DSA-3701) and is therefore vulnerable to the same attack described in CVE-2016-1247.
Impact :

A local attacker, who either is already NGINX’s system user or belongs to NGINX’s group, could potentially escalate privileges.
Workaround :

Ensure that no untrusted user can create files in directories which are used by NGINX (or an NGINX vhost) to store log files.


All NGINX users should upgrade to the latest ebuild revision:
# emerge --sync # emerge --ask --oneshot --verbose '>=www-servers/nginx-1.10.2-r3'

See Also

Plugin Details

Severity: High

ID: 96416

File Name: gentoo_GLSA-201701-22.nasl

Version: 3.2

Type: local

Published: 2017/01/12

Updated: 2019/04/10

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:nginx, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2017/01/11

Reference Information

CVE: CVE-2016-1247

GLSA: 201701-22