Vulnerability CVE-2018-14665


Published: 2018-10-25   Modified: 2018-10-26

Description:
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for the -modulepath and -logfile options when starting the Xorg X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.

See advisories in our WLB2 database:
Risk | Topic | Author | Date
Med. | xorg-x11-server Local Privilege Escalation | Hacker Fantastic | 29.10.2018
High | xorg-x11-server modulepath Local Privilege Escalation | Marco Ivaldi | 03.12.2018

Type: CWE-863 (Incorrect Authorization)

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score: 7.2/10
Impact Subscore: 10/10
Exploitability Subscore: 3.9/10
Exploit range: Local
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Affected software
X.org -> Xorg-server 
Redhat -> Enterprise linux desktop 
Redhat -> Enterprise linux server 
Redhat -> Enterprise linux server aus 
Redhat -> Enterprise linux server eus 
Redhat -> Enterprise linux server tus 
Redhat -> Enterprise linux workstation 
Debian -> Debian linux 
Canonical -> Ubuntu linux 

 References:
http://www.securityfocus.com/bid/105741
http://www.securitytracker.com/id/1041948
https://access.redhat.com/errata/RHSA-2018:3410
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14665
https://gitlab.freedesktop.org/xorg/xserver/commit/50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e
https://gitlab.freedesktop.org/xorg/xserver/commit/8a59e3b7dbb30532a7c3769c555e00d7c4301170
https://lists.x.org/archives/xorg-announce/2018-October/002927.html
https://security.gentoo.org/glsa/201810-09
https://usn.ubuntu.com/3802-1/
https://www.debian.org/security/2018/dsa-4328
https://www.exploit-db.com/exploits/45697/
https://www.exploit-db.com/exploits/45742/
https://www.exploit-db.com/exploits/45832/
https://www.exploit-db.com/exploits/45908/
https://www.exploit-db.com/exploits/45922/
https://www.exploit-db.com/exploits/45938/
https://www.exploit-db.com/exploits/46142/
https://www.securepatterns.com/2018/10/cve-2018-14665-xorg-x-server.html

Copyright 2021, cxsecurity.com
