CVE-2015-2285

Name of the Vulnerable Software and Affected Versions Ubuntu Upstart versions prior to 1.13.2-0ubuntu9

Description The issue allows local users to execute arbitrary commands and gain privileges via a crafted file in /run/user/*/upstart/sessions/. This is related to the logrotation script /etc/cron.daily/upstart in the Ubuntu Upstart package.

Recommendations For versions prior to 1.13.2-0ubuntu9, update to version 1.13.2-0ubuntu9 or later to resolve the issue. As a temporary workaround, consider restricting access to the /run/user/*/upstart/sessions/ directory to minimize the risk of exploitation.