GLSA-201701-22 : NGINX: Privilege escalation

High Nessus Plugin ID 96416

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-201701-22 (NGINX: Privilege escalation)

It was discovered that Gentoo’s default NGINX installation applied similar problematic permissions on “/var/log/nginx” as Debian (DSA-3701) and is therefore vulnerable to the same attack described in CVE-2016-1247.

Impact:

A local attacker, who either is already NGINX’s system user or belongs to NGINX’s group, could potentially escalate privileges.

Workaround:

Ensure that no untrusted user can create files in directories which are used by NGINX (or an NGINX vhost) to store log files.
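
One way to check the workaround condition on a host, as an added example that is not part of the advisory or of the Nessus plugin. It assumes `stat -c` (GNU coreutils or BusyBox) and treats `root` as the only trusted owner and group unless told otherwise; `audit_log_dir` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: audit a log directory for the condition named in the
# workaround (no untrusted user may create files in it).
#
# Usage: audit_log_dir DIR [TRUSTED_OWNER] [TRUSTED_GROUP]   (defaults: root)
# Returns 0 if clean, 1 if findings were printed, 2 if DIR is not a directory.
audit_log_dir() {
    dir=$1
    owner_ok=${2:-root}
    group_ok=${3:-root}
    rc=0

    # A symlinked or missing path cannot be judged by its own mode bits.
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "ERROR: $dir is not a real directory"
        return 2
    fi

    owner=$(stat -c '%U' "$dir")
    group=$(stat -c '%G' "$dir")
    mode=$(stat -c '%a' "$dir")     # octal string, e.g. 750
    bits=$((0$mode))                # leading 0 makes the shell parse it as octal

    # The owner can always create files, or chmod the directory to allow it.
    if [ "$owner" != "$owner_ok" ]; then
        echo "FINDING: $dir is owned by '$owner', expected '$owner_ok'"
        rc=1
    fi
    # Group write (020) lets every member of the group create files.
    if [ $((bits & 0020)) -ne 0 ] && [ "$group" != "$group_ok" ]; then
        echo "FINDING: $dir is writable by group '$group' (mode $mode)"
        rc=1
    fi
    # Other write (002) lets any local user create files.
    if [ $((bits & 0002)) -ne 0 ]; then
        echo "FINDING: $dir is world-writable (mode $mode)"
        rc=1
    fi
    return "$rc"
}
```

Run it against “/var/log/nginx” and against every other directory that an `access_log` or `error_log` directive points to, including those of individual vhosts.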

Solution

All NGINX users should upgrade to the latest ebuild revision:

    # emerge --sync
    # emerge --ask --oneshot --verbose '>=www-servers/nginx-1.10.2-r3'

See Also

https://www.debian.org/security/2016/dsa-3701

http://www.nessus.org/u?e1440e63

https://security.gentoo.org/glsa/201701-22

Plugin Details

Severity: High

ID: 96416

File Name: gentoo_GLSA-201701-22.nasl

Version: 3.2

Type: local

Published: 2017/01/12

Updated: 2019/04/10

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:nginx, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2017/01/11

Reference Information

CVE: CVE-2016-1247

GLSA: 201701-22