oss-sec mailing list archives

Nginx (Debian-based + Gentoo distros) - Root Privilege Escalation [CVE-2016-1247 UPDATE]

From: Dawid Golunski <dawid () legalhackers com>
Date: Fri, 13 Jan 2017 07:35:25 -0200

Updated CVE-2016-1247 advisory

Nginx packages on Gentoo distros were also found vulnerable to Root
Privilege Escalation (CVE-2016-1247) exploit I discovered last year.

Updated advisory URL:
https://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html

Gentoo notice:
https://security.gentoo.org/glsa/201701-22


Copy of my updated advisory attached below.

Follow:
https://twitter.com/dawid_golunski
for more vulns.



Regards,
Dawid Golunski
https://legalhackers.com
t: @dawid_golunski

Attachment: gentoo.txt
Description:

Current thread:

Nginx (Debian-based + Gentoo distros) - Root Privilege Escalation [CVE-2016-1247 UPDATE] Dawid Golunski (Jan 13)
- Re: Nginx (Debian-based + Gentoo distros) - Root Privilege Escalation [CVE-2016-1247 UPDATE] Carlos Alberto Lopez Perez (Jan 13)
  - Re: Nginx (Debian-based + Gentoo distros) - Root Privilege Escalation [CVE-2016-1247 UPDATE] Daniel Kahn Gillmor (Jan 13)
  - Re: Nginx (Debian-based + Gentoo distros) - Root Privilege Escalation [CVE-2016-1247 UPDATE] Thomas Deutschmann (Jan 13)
    - Re: Nginx (Debian-based + Gentoo distros) - Root Privilege Escalation [CVE-2016-1247 UPDATE] Carlos Alberto Lopez Perez (Jan 13)
    - Re: Nginx (Debian-based + Gentoo distros) - Root Privilege Escalation [CVE-2016-1247 UPDATE] Thomas Deutschmann (Jan 13)