Published: 12/03/2015 Updated: 13/03/2015

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

VMScore: 725

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

The logrotation script (/etc/cron.daily/upstart) in the Ubuntu Upstart package prior to 1.13.2-0ubuntu9, as used in Ubuntu Vivid 15.04, allows local users to execute arbitrary commands and gain privileges via a crafted file in /run/user/*/upstart/sessions/.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ubuntu upstart
ubuntu vivid 15.04

Source: wwwhalfdognet/Security/2015/UpstartLogrotationPrivilegeEscalation/ ## Introduction Problem description: Ubuntu Vivid 1504 (development branch) installs an insecure upstart logrotation script which will read user-supplied data from /run/user/[uid]/upstart/sessions and pass then unsanitized to an env command As user run directory ...

CWE-19 http://packetstormsecurity.com/files/130587/Ubuntu-Vivid-Upstart-Privilege-Escalation.html https://bugs.launchpad.net/ubuntu/+source/upstart/+bug/1425685 http://seclists.org/fulldisclosure/2015/Mar/7 http://www.halfdog.net/Security/2015/UpstartLogrotationPrivilegeEscalation/https://nvd.nist.gov https://www.exploit-db.com/exploits/41765/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2015-2285

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect