Nginx Local Privilege Escalation Vulnerability Technical Analysis and Solution

On November 15, 2016 (local time), released an advisory about a privilege escalation vulnerability, assigned CVE-2016-1247, found in the Nginx server. Nginx web server packaging on Debian-based distributions, such as Debian or Ubuntu, was found to allow creating log directories with insecure permissions.