Lucene search

[email protected]NVD:CVE-2015-2285

HistoryMar 12, 2015 - 2:59 p.m.

CVE-2015-2285

2015-03-1214:59:07

CWE-19

[email protected]

web.nvd.nist.gov

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

27.6%

JSON

The logrotation script (/etc/cron.daily/upstart) in the Ubuntu Upstart package before 1.13.2-0ubuntu9, as used in Ubuntu Vivid 15.04, allows local users to execute arbitrary commands and gain privileges via a crafted file in /run/user/*/upstart/sessions/.

Affected configurations

Nvd

Node

ubuntuupstartRange≤1.13.2-0ubuntu7

AND

ubuntuvividMatch15.04

VendorProductVersionCPE
ubuntuupstart*cpe:2.3:a:ubuntu:upstart:*:*:*:*:*:*:*:*
ubuntuvivid15.04cpe:2.3:a:ubuntu:vivid:15.04:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ubuntu	upstart	*	cpe:2.3:a:ubuntu:upstart::::::::
ubuntu	vivid	15.04	cpe:2.3:a:ubuntu:vivid:15.04:::::::*

References

packetstormsecurity.com/files/130587/Ubuntu-Vivid-Upstart-Privilege-Escalation.html

seclists.org/fulldisclosure/2015/Mar/7

www.halfdog.net/Security/2015/UpstartLogrotationPrivilegeEscalation/

bugs.launchpad.net/ubuntu/+source/upstart/+bug/1425685

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

27.6%

JSON

Related for NVD:CVE-2015-2285

cve1 zdt1 ubuntucve1 prion1 exploitdb1 cvelist1