CVE-2015-2285

Published: 12/03/2015 Updated: 13/03/2015
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 725
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The logrotation script (/etc/cron.daily/upstart) in the Ubuntu Upstart package prior to 1.13.2-0ubuntu9, as used in Ubuntu Vivid 15.04, allows local users to execute arbitrary commands and gain privileges via a crafted file in /run/user/*/upstart/sessions/.

Vulnerable Product

ubuntu upstart

ubuntu vivid 15.04

Exploits

Source: www.halfdog.net/Security/2015/UpstartLogrotationPrivilegeEscalation/

Introduction

Problem description: Ubuntu Vivid 15.04 (development branch) installs an insecure upstart logrotation script which will read user-supplied data from /run/user/[uid]/upstart/sessions and pass them unsanitized to an env command. As user run directory ...