CVE-2015-2285

NONE EPSS 58.9%
Published Mar 12, 201511y ago · Modified Jun 17, 20262w ago
Find Similar
Published Mar 12, 2015 11y ago
Last Modified Jun 17, 2026 2w ago

Description

The logrotation script (/etc/cron.daily/upstart) in the Ubuntu Upstart package before 1.13.2-0ubuntu9, as used in Ubuntu Vivid 15.04, allows local users to execute arbitrary commands and gain privileges via a crafted file in /run/user/*/upstart/sessions/.

Threat Intelligence

EPSS Exploit Probability
58.9% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-19

Affected Products 2

VendorProductVersionRange
ubuntuupstart* ≤1.13.2-0ubuntu7
ubuntuvivid15.04any

References 4

  • packetstormsecurity.com http://packetstormsecurity.com/files/130587/Ubuntu-Vivid-Upstart-Privilege-Escalation.html
    Exploit
  • seclists.org http://seclists.org/fulldisclosure/2015/Mar/7
    Exploit
  • halfdog.net http://www.halfdog.net/Security/2015/UpstartLogrotationPrivilegeEscalation/
    Exploit
  • bugs.launchpad.net https://bugs.launchpad.net/ubuntu/+source/upstart/+bug/1425685
    ExploitVendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.