Unrated severityNVD Advisory· Published Mar 12, 2015· Updated May 6, 2026

CVE-2015-2285

Description

The logrotation script (/etc/cron.daily/upstart) in the Ubuntu Upstart package before 1.13.2-0ubuntu9, as used in Ubuntu Vivid 15.04, allows local users to execute arbitrary commands and gain privileges via a crafted file in /run/user/*/upstart/sessions/.

Affected products

Ubuntu/Upstart
cpe:2.3:a:ubuntu:upstart:*:*:*:*:*:*:*:*
Range: <=1.13.2-0ubuntu7
Ubuntu/Vivid
cpe:2.3:a:ubuntu:vivid:15.04:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/130587/Ubuntu-Vivid-Upstart-Privilege-Escalation.htmlnvdExploit
seclists.org/fulldisclosure/2015/Mar/7nvdExploit
www.halfdog.net/Security/2015/UpstartLogrotationPrivilegeEscalation/nvdExploit
bugs.launchpad.net/ubuntu/+source/upstart/+bug/1425685nvdExploitVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000