Ubuntu Vivid Upstart Privilege Escalation

2015.03.03
Credit: halfdog
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-264

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Although just reported to Ubuntu, this minor dev-branch issue was already made public. As the launchpad/lkml/... feed-miners should not play all the games alone, and as others may want to learn how beginner errors still make it into packages of quite large distributions, enjoy the power of

    for session in /run/user/*/upstart/sessions/*
    do
      env $(cat $session) /sbin/initctl emit rotate-logs >/dev/null 2>&1 || true
    done

executed as root. See [1]

hd

[1] http://www.halfdog.net/Security/2015/UpstartLogrotationPrivilegeEscalation/

- --
http://www.halfdog.net/
PGP: 156A AE98 B91F 0114 FE88 2BD8 C459 9386 feed a bee
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlTwJXEACgkQxFmThv7tq+4LKgCcCKMaOdO0xObIno415g6qZAxp
LZQAnj8giZDPkLYZPD/TVhY958/vXMSJ
=xyAX
-----END PGP SIGNATURE-----

References:

http://www.halfdog.net/Security/2015/UpstartLogrotationPrivilegeEscalation/
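
A hardened variant of the loop quoted in the advisory, added here as an example (it is not halfdog's code and not Ubuntu's fix): each session file is treated as untrusted input, checked against a strict allow-list, and initctl is run as the session owner rather than as root. Assumptions: the session file holds a single `UPSTART_SESSION=unix:abstract=/com/ubuntu/upstart-session/<uid>/<pid>` line, GNU `stat`, `getent` and `runuser` are available, and the function names `safe_session_value` and `rotate_all` are hypothetical.

```shell
#!/bin/sh
# Added example, not the original cron script and not Ubuntu's fix.
# Assumed session file content (one line):
#   UPSTART_SESSION=unix:abstract=/com/ubuntu/upstart-session/<uid>/<pid>

# safe_session_value FILE UID (hypothetical helper)
# Prints the validated UPSTART_SESSION value, or returns 1 and prints nothing.
safe_session_value() {
    f=$1 owner=$2
    # The sessions directory is user-writable: refuse symlinks and specials.
    [ ! -L "$f" ] && [ -f "$f" ] || return 1
    # The file must belong to the user whose runtime directory holds it.
    [ "$(stat -c '%u' "$f")" = "$owner" ] || return 1
    # Bounded read; $(...) strips the trailing newline.
    content=$(head -c 256 "$f") || return 1
    prefix="UPSTART_SESSION=unix:abstract=/com/ubuntu/upstart-session/$owner/"
    case $content in "$prefix"*) ;; *) return 1 ;; esac
    # Everything after the prefix must be digits: no spaces, newlines or extra words.
    pid=${content#"$prefix"}
    case $pid in ''|*[!0-9]*) return 1 ;; esac
    printf '%s\n' "${content#UPSTART_SESSION=}"
}

# rotate_all (hypothetical): the loop from the advisory with validation added.
rotate_all() {
    for session in /run/user/*/upstart/sessions/*; do
        [ -e "$session" ] || continue
        uid=${session#/run/user/}; uid=${uid%%/*}
        case $uid in ''|*[!0-9]*) continue ;; esac
        value=$(safe_session_value "$session" "$uid") || continue
        user=$(getent passwd "$uid" | cut -d: -f1)
        [ -n "$user" ] || continue
        # One quoted assignment, run as the session owner instead of root.
        runuser -u "$user" -- env "UPSTART_SESSION=$value" \
            /sbin/initctl emit rotate-logs >/dev/null 2>&1 || true
    done
}

if [ "${1:-}" = "--run" ]; then rotate_all; fi
```

The ownership check and the read are not atomic, so the content allow-list and the privilege drop are what bound the result, not the `stat` call alone.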



Copyright 2018, cxsecurity.com

 
