Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-2285

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2015-2285
Last Modified 13 Mar 2015 10:05:22
Published 12 Mar 2015 10:59:07
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2015-2285

Summary

The logrotation script (/etc/cron.daily/upstart) in the Ubuntu Upstart package before 1.13.2-0ubuntu9, as used in Ubuntu Vivid 15.04, allows local users to execute arbitrary commands and gain privileges via a crafted file in /run/user/*/upstart/sessions/.

Vulnerable Systems

Application

  • Ubuntu Upstart 1.13.2-0ubuntu7

  • Ubuntu Vivid 15.04


References

CONFIRM - https://bugs.launchpad.net/ubuntu/+source/upstart/+bug/1425685

MISC - http://www.halfdog.net/Security/2015/UpstartLogrotationPrivilegeEscalation/

FULLDISC - 20150302 upstart logrotate privilege escalation in Ubuntu Vivid (development)

MISC - http://packetstormsecurity.com/files/130587/Ubuntu-Vivid-Upstart-Privilege-Escalation.html


Last Updated: 27 May 2016 11:08:05