Gentoo's NGINX ebuilds are vulnerable to privilege escalation due to the way log files are handled.

Affected packages

Package www-servers/nginx on all architectures Affected versions < 1.10.2-r3 Unaffected versions >= 1.10.2-r3

Background

nginx is a robust, small, and high performance HTTP and reverse proxy server.

Description

It was discovered that Gentoo’s default NGINX installation applied similar problematic permissions on “/var/log/nginx” as Debian (DSA-3701) and is therefore vulnerable to the same attack described in CVE-2016-1247.

Impact

A local attacker, who either is already NGINX’s system user or belongs to NGINX’s group, could potentially escalate privileges.

Workaround

Ensure that no untrusted user can create files in directories which are used by NGINX (or an NGINX vhost) to store log files.

Resolution

All NGINX users should upgrade to the latest ebuild revision: # emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.10.2-r3"

References