Lucene search

[email protected]CVE-2015-2285

HistoryOct 03, 2022 - 4:16 p.m.

CVE-2015-2285

2022-10-0316:16:11

CWE-19

[email protected]

web.nvd.nist.gov

cve-2015-2285

ubuntu upstart

privilege escalation

nvd

security vulnerability

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

16.1%

JSON

The logrotation script (/etc/cron.daily/upstart) in the Ubuntu Upstart package before 1.13.2-0ubuntu9, as used in Ubuntu Vivid 15.04, allows local users to execute arbitrary commands and gain privileges via a crafted file in /run/user/*/upstart/sessions/.

Affected configurations

NVD

Node

ubuntuupstartRange≤1.13.2-0ubuntu7

AND

ubuntuvividMatch15.04

CPENameOperatorVersion
ubuntu:upstartubuntu upstartle1.13.2-0ubuntu7
ubuntu:vividubuntu vivideq15.04

CPE	Name	Operator	Version
ubuntu:upstart	ubuntu upstart	le	1.13.2-0ubuntu7
ubuntu:vivid	ubuntu vivid	eq	15.04

References

packetstormsecurity.com/files/130587/Ubuntu-Vivid-Upstart-Privilege-Escalation.html

seclists.org/fulldisclosure/2015/Mar/7

www.halfdog.net/Security/2015/UpstartLogrotationPrivilegeEscalation/

bugs.launchpad.net/ubuntu/+source/upstart/+bug/1425685

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

16.1%

JSON

Related for CVE-2015-2285

nvd1 zdt1 ubuntucve1 prion1 cvelist1