CVE-2015-2285

The logrotation script (/etc/cron.daily/upstart) in the Ubuntu Upstart package before 1.13.2-0ubuntu9, as used in Ubuntu Vivid 15.04, allows local users to execute arbitrary commands and gain privileges via a crafted file in /run/user/*/upstart/sessions/.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
VendorProductVersion
ubuntuupstart
𝑥
≤ 1.13.2-0ubuntu7
ubuntuvivid
15.04
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
upstart
utopic
not-affected
trusty
not-affected
precise
not-affected
lucid
not-affected
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/130587/Ubuntu-Vivid-Upstart-Privilege-Escalation.html
http://seclists.org/fulldisclosure/2015/Mar/7
http://www.halfdog.net/Security/2015/UpstartLogrotationPrivilegeEscalation/
https://bugs.launchpad.net/ubuntu/+source/upstart/+bug/1425685
http://packetstormsecurity.com/files/130587/Ubuntu-Vivid-Upstart-Privilege-Escalation.html
http://seclists.org/fulldisclosure/2015/Mar/7
http://www.halfdog.net/Security/2015/UpstartLogrotationPrivilegeEscalation/
https://bugs.launchpad.net/ubuntu/+source/upstart/+bug/1425685