PT-2015-5696 · Canonical · Ubuntu Upstart

Halfdog

Published

2015-03-12

Updated

2015-03-13

CVE-2015-2285

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Ubuntu Upstart versions prior to 1.13.2-0ubuntu9

Description The issue allows local users to execute arbitrary commands and gain privileges via a crafted file in /run/user/*/upstart/sessions/. This is related to the logrotation script /etc/cron.daily/upstart in the Ubuntu Upstart package.

Recommendations For versions prior to 1.13.2-0ubuntu9, update to version 1.13.2-0ubuntu9 or later to resolve the issue. As a temporary workaround, consider restricting access to the /run/user/*/upstart/sessions/ directory to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-19

Related Identifiers

CVE-2015-2285

Affected Products

Ubuntu Upstart

PT-2015-5696 · Canonical · Ubuntu Upstart

CVE-2015-2285

Weakness Enumeration

Related Identifiers

Affected Products

References · 6