The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users with access to the web server user account to gain root privileges via a symlink attack on the error log.
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
|
History
14 Dec 2021, 21:04
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* |
|
References | (EXPLOIT-DB) https://www.exploit-db.com/exploits/40768/ - Exploit, Third Party Advisory, VDB Entry | |
References | (FULLDISC) http://seclists.org/fulldisclosure/2017/Jan/33 - Mailing List, Third Party Advisory | |
References | (MISC) https://www.youtube.com/watch?v=aTswN1k1fQs - Exploit, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ESTIADC7BDB6VTH4JAP6C6OCW2CQ4NHP/ - Mailing List, Third Party Advisory | |
References | (BUGTRAQ) http://www.securityfocus.com/archive/1/539796/100/0/threaded - Third Party Advisory, VDB Entry | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3WOO7E5R2HT5XVOIOFPEFALILVOWZUF/ - Mailing List, Third Party Advisory | |
References | (GENTOO) https://security.gentoo.org/glsa/201701-22 - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CBIZEKHBOCKO7FUMCO4X53ENMWU5OYFX/ - Mailing List, Third Party Advisory |
10 Nov 2021, 16:00
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:* |
Information
Published : 2016-11-29 17:59
Updated : 2024-02-04 19:11
NVD link : CVE-2016-1247
Mitre link : CVE-2016-1247
CVE.ORG link : CVE-2016-1247
JSON object : View
Products Affected
fedoraproject
- fedora
canonical
- ubuntu_linux
debian
- debian_linux
f5
- nginx
CWE
CWE-59
Improper Link Resolution Before File Access ('Link Following')