PT-2018-1714 · X.Org+6 · X.Org Server+6

Narendra Shinde · Published 2018-10-25 · Updated 2024-06-15 · CVE-2018-14665

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: X.Org Server versions prior to 1.20.3
Description: The issue is caused by incorrect handling and validation of command line parameters, specifically the modulepath and logfile options when starting the Xorg server. This could allow a remote attacker to gain elevated privileges on the system, potentially leading to the execution of arbitrary code under root privileges. The vulnerability can be exploited by using the -modulepath or -logfile arguments to overwrite arbitrary files on the system.
Recommendations: For versions prior to 1.20.3, update to version 1.20.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the modulepath and logfile options when starting the Xorg server to minimize the risk of exploitation.

Exploit

Fix

Incorrect Authorization


Weakness Enumeration

Related Identifiers

ALT-PU-2018-2568
BDU:2018-01290
CESA-2018_3410
CVE-2018-14665
DSA-4328-1
ELSA-2018-3410
MGASA-2018-0421
OPENSUSE-SU-2018_3800-1
OPENSUSE-SU-2024:11525-1
RHSA-2018:3410
RHSA-2018_3410
SUSE-SU-2018:3456-1
SUSE-SU-2018:3680-1
SUSE-SU-2018_3456-1
SUSE-SU-2018_3680-1
USN-3802-1

Affected Products

ALT Linux
CentOS
IBM AIX
Red Hat
SUSE
Ubuntu
X.Org Server