CVE-2018-14665

medium

Description

A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for the -modulepath and -logfile options when starting the Xorg X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.

From the Tenable Blog

Tweetable Exploit for X.org Server Local Privilege Escalation (CVE-2018-14665) Released

Published: 2018-10-26

A researcher has published a local privilege escalation exploit that fits in a single tweet for xorg-x11-server. Vendors are rolling out fixes and mitigation advice.

Background

On October 25, a tweetable proof-of-concept (PoC) exploit for a newly discovered local privilege escalation (LPE) vulnerability in xorg-x11-server was released.

Details

Source: Mitre, NVD

Published: 2018-10-25

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 6.6

Vector: CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: Medium

EPSS

EPSS: 0.07358