製品・ソフトウェアに関する情報

JVN脆弱性詳細

Debian および Ubuntu 上で稼動する nginx パッケージにおける root 権限を取得される脆弱性

Title	Debian および Ubuntu 上で稼動する nginx パッケージにおける root 権限を取得される脆弱性
Summary	Debian および Ubuntu 上で稼動する nginx パッケージには、root 権限を取得される脆弱性が存在します。
Possible impacts	Web サーバのユーザアカウントへのアクセス権を持つローカルユーザにより、エラーログへのシンボリックリンク攻撃を介して、root 権限を取得される可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Nov. 15, 2016, midnight
Registration Date	Nov. 30, 2016, 5:27 p.m.
Last Update	Nov. 30, 2016, 5:27 p.m.

CVSS3.0 : 重要
Score	7.8
Vector	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2.0 : 危険
Score	7.2
Vector	AV:L/AC:L/Au:N/C:C/I:C/A:C

Affected System

Igor Sysoev

nginx 1.10.0-0ubuntu0.16.04.3 未満 (Ubuntu 16.04 LTS)

nginx 1.10.1-0ubuntu1.1 未満 (Ubuntu 16.10)

nginx 1.4.6-1ubuntu3.6 未満 (Ubuntu 14.04 LTS)

nginx 1.6.2-5+deb8u3 未満 (Debian jessie)

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2016-1247	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1247
National Vulnerability Database (NVD)
2	CVE-2016-1247	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1247
関連文書
3	CVE-2016-1247	https://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-59	https://jvndb.jvn.jp/ja/cwe/CWE-59.html

ベンダー情報

No	Name	URL
nginx
1	Top Page	https://nginx.org/en/

Change Log

No	Changed Details	Date of change
0	[2016年11月30日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2016-1247

Summary	The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users with access to the web server user account to gain root privileges via a symlink attack on the error log.
Publication Date	Nov. 30, 2016, 2:59 a.m.
Registration Date	Jan. 26, 2021, 2:07 p.m.
Last Update	Nov. 21, 2024, 11:46 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:f5:nginx::::::::			1.10.1
execution environment
1	cpe:2.3:o:canonical:ubuntu_linux:16.10:::::::*

Configuration2		or higher	or less	more than	less than
cpe:2.3:a:f5:nginx::::::::			1.10.0
execution environment
1	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

Configuration3		or higher	or less	more than	less than
cpe:2.3:a:f5:nginx::::::::			1.6.2
execution environment
1	cpe:2.3:o:debian:debian_linux:8.0:::::::*

Configuration4		or higher	or less	more than	less than
cpe:2.3:a:f5:nginx::::::::			1.4.3
execution environment
1	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

Configuration5	or higher	or less	more than	less than
cpe:2.3:o:fedoraproject:fedora:33:::::::*
cpe:2.3:o:fedoraproject:fedora:34:::::::*
cpe:2.3:o:fedoraproject:fedora:35:::::::*

Related information, measures and tools

No	URL	タグ
1	http://packetstormsecurity.com/files/139750/Nginx-Debian-Based-Distros-Root-Privilege-Escalation.html	Exploit Third Party Advisory VDB Entry
2	http://packetstormsecurity.com/files/139750/Nginx-Debian-Based-Distros-Root-Privilege-Escalation.html	Exploit Third Party Advisory VDB Entry
3	http://seclists.org/fulldisclosure/2016/Nov/78	Mailing List Third Party Advisory
4	http://seclists.org/fulldisclosure/2016/Nov/78	Mailing List Third Party Advisory
5	http://seclists.org/fulldisclosure/2017/Jan/33	Mailing List Third Party Advisory
6	http://seclists.org/fulldisclosure/2017/Jan/33	Mailing List Third Party Advisory
7	http://www.debian.org/security/2016/dsa-3701	Vendor Advisory
8	http://www.debian.org/security/2016/dsa-3701	Vendor Advisory
9	http://www.securityfocus.com/archive/1/539796/100/0/threaded	Third Party Advisory VDB Entry
10	http://www.securityfocus.com/archive/1/539796/100/0/threaded	Third Party Advisory VDB Entry
11	http://www.securityfocus.com/bid/93903	Third Party Advisory VDB Entry
12	http://www.securityfocus.com/bid/93903	Third Party Advisory VDB Entry
13	http://www.securitytracker.com/id/1037104	Third Party Advisory VDB Entry
14	http://www.securitytracker.com/id/1037104	Third Party Advisory VDB Entry
15	http://www.ubuntu.com/usn/USN-3114-1	Vendor Advisory
16	http://www.ubuntu.com/usn/USN-3114-1	Vendor Advisory
17	https://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html	Exploit Third Party Advisory
18	https://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html	Exploit Third Party Advisory
19	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBIZEKHBOCKO7FUMCO4X53ENMWU5OYFX/
20	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBIZEKHBOCKO7FUMCO4X53ENMWU5OYFX/
21	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ESTIADC7BDB6VTH4JAP6C6OCW2CQ4NHP/
22	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ESTIADC7BDB6VTH4JAP6C6OCW2CQ4NHP/
23	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3WOO7E5R2HT5XVOIOFPEFALILVOWZUF/
24	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3WOO7E5R2HT5XVOIOFPEFALILVOWZUF/
25	https://security.gentoo.org/glsa/201701-22	Third Party Advisory
26	https://security.gentoo.org/glsa/201701-22	Third Party Advisory
27	https://www.exploit-db.com/exploits/40768/	Exploit Third Party Advisory VDB Entry
28	https://www.exploit-db.com/exploits/40768/	Exploit Third Party Advisory VDB Entry
29	https://www.youtube.com/watch?v=aTswN1k1fQs	Exploit Third Party Advisory
30	https://www.youtube.com/watch?v=aTswN1k1fQs	Exploit Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-59	リンク解釈の問題	https://cwe.mitre.org/data/definitions/59.html