Vulnerability Description
The logrotation script (/etc/cron.daily/upstart) in the Ubuntu Upstart package before 1.13.2-0ubuntu9, as used in Ubuntu Vivid 15.04, allows local users to execute arbitrary commands and gain privileges via a crafted file in /run/user/*/upstart/sessions/.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu | Upstart | <= 1.13.2-0ubuntu7 |
| Ubuntu | Vivid | 15.04 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/130587/Ubuntu-Vivid-Upstart-Privilege-EscalExploit
- http://seclists.org/fulldisclosure/2015/Mar/7Exploit
- http://www.halfdog.net/Security/2015/UpstartLogrotationPrivilegeEscalation/Exploit
- https://bugs.launchpad.net/ubuntu/+source/upstart/+bug/1425685ExploitVendor Advisory
- http://packetstormsecurity.com/files/130587/Ubuntu-Vivid-Upstart-Privilege-EscalExploit
- http://seclists.org/fulldisclosure/2015/Mar/7Exploit
- http://www.halfdog.net/Security/2015/UpstartLogrotationPrivilegeEscalation/Exploit
- https://bugs.launchpad.net/ubuntu/+source/upstart/+bug/1425685ExploitVendor Advisory
FAQ
What is CVE-2015-2285?
CVE-2015-2285 is a vulnerability with a CVSS score of 7.2 (HIGH). The logrotation script (/etc/cron.daily/upstart) in the Ubuntu Upstart package before 1.13.2-0ubuntu9, as used in Ubuntu Vivid 15.04, allows local users to execute arbitrary commands and gain privileg...
How severe is CVE-2015-2285?
CVE-2015-2285 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-2285?
Check the references section above for vendor advisories and patch information. Affected products include: Ubuntu Upstart, Ubuntu Vivid.