Problem description: Ubuntu Vivid 1504 (development branch) installs an insecure upstart logrotation script which will read user-supplied data from /run/user/[uid]/upstart/sessions and pass then unsanitized to an env command. As user run directory is user-writable, the user may inject arbitrary commands into the logrotation script, which will be executed during daily cron job execution around midnight with root privileges.
more here........http://www.halfdog.net/Security/2015/UpstartLogrotationPrivilegeEscalation/
more here........http://www.halfdog.net/Security/2015/UpstartLogrotationPrivilegeEscalation/