Ubuntu Vivid Upstart suffers from a logrotate privilege escalation vulnerability.
57ba2d59b5541f853776351cd1d83860c51f823ac02e23145009c9b6c6f926b2-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Although just reported to Ubuntu, this minor dev-branch issue was already made public. As the launchpad/lkml/... feed-miners should not play all the games alone, and as others may want to learn how beginner errors still make it into packages of quite large distributions, enjoy the power of
for session in /run/user/*/upstart/sessions/*
do
env $(cat $session) /sbin/initctl emit rotate-logs >/dev/null 2>&1 || true
done
executed as root. See [1]
hd
[1] http://www.halfdog.net/Security/2015/UpstartLogrotationPrivilegeEscalation/
- --
http://www.halfdog.net/
PGP: 156A AE98 B91F 0114 FE88 2BD8 C459 9386 feed a bee
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEARECAAYFAlTwJXEACgkQxFmThv7tq+4LKgCcCKMaOdO0xObIno415g6qZAxp
LZQAnj8giZDPkLYZPD/TVhY958/vXMSJ
=xyAX
-----END PGP SIGNATURE-----
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed