CVE-2018-14665

medium

Description

A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for the -modulepath and -logfile options when starting the Xorg X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.

From the Tenable Blog

Tweetable Exploit for X.org Server Local Privilege Escalation (CVE-2018-14665) Released

Published: 2018-10-26

A researcher has published a local privilege escalation exploit that fits in a single tweet for xorg-x11-server. Vendors are rolling out fixes and mitigation advice.

Background: On October 25, a tweetable proof-of-concept (PoC) exploit for a newly discovered local privilege escalation (LPE) vulnerability in xorg-x11-server was released.

References

https://www.securepatterns.com/2018/10/cve-2018-14665-xorg-x-server.html

https://www.exploit-db.com/exploits/46142/

https://www.exploit-db.com/exploits/45938/

https://www.exploit-db.com/exploits/45922/

https://www.exploit-db.com/exploits/45908/

https://www.exploit-db.com/exploits/45832/

https://www.exploit-db.com/exploits/45742/

https://www.exploit-db.com/exploits/45697/

https://www.debian.org/security/2018/dsa-4328

https://usn.ubuntu.com/3802-1/

https://security.gentoo.org/glsa/201810-09

https://lists.x.org/archives/xorg-announce/2018-October/002927.html

https://gitlab.freedesktop.org/xorg/xserver/commit/8a59e3b7dbb30532a7c3769c555e00d7c4301170

https://gitlab.freedesktop.org/xorg/xserver/commit/50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14665

https://access.redhat.com/errata/RHSA-2018:3410

http://www.securitytracker.com/id/1041948

http://www.securityfocus.com/bid/105741

http://packetstormsecurity.com/files/155276/Xorg-X11-Server-Local-Privilege-Escalation.html

http://packetstormsecurity.com/files/154942/Xorg-X11-Server-SUID-modulepath-Privilege-Escalation.html

Details

Source: Mitre, NVD

Published: 2018-10-25

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 6.6

Vector: CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: Medium