Nginx on Debian Log File Permissions Let Local Users Gain Elevated Privileges

Posted on Posted in NginX

Decription: The nginx packages on Debian-based systems do not properly handle log file permissions in the '/var/log/nginx' directory. A local user with 'www-data' user privileges can obtain root privileges on the target system.

Recommended action: Apply the fix (1.6.2-5+deb8u3) issued by Debian.

Origin URLs:

Leave a Reply

Your email address will not be published. Required fields are marked *