PT-2018-1714 · X.Org+6 · X.Org Server+6

Narendra Shinde · Published 2018-10-25 · Updated 2024-06-15 · CVE-2018-14665

CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: X.Org Server versions prior to 1.20.3
Description: The issue is caused by incorrect handling and validation of command line parameters, specifically the modulepath and logfile options when starting the Xorg server. This could allow a remote attacker to gain elevated privileges on the system, potentially leading to the execution of arbitrary code under root privileges. The vulnerability can be exploited by using the -modulepath or -logfile arguments to overwrite arbitrary files on the system.
Recommendations: For versions prior to 1.20.3, update to version 1.20.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the modulepath and logfile options when starting the Xorg server to minimize the risk of exploitation.

Exploit

Fix

Weakness Enumeration

Incorrect Authorization

Related Identifiers

ALT-PU-2018-2568
BDU:2018-01290
CESA-2018_3410
CVE-2018-14665
DSA-4328-1
ELSA-2018-3410
MGASA-2018-0421
OPENSUSE-SU-2018_3800-1
OPENSUSE-SU-2024:11525-1
RHSA-2018:3410
RHSA-2018_3410
SUSE-SU-2018:3456-1
SUSE-SU-2018:3680-1
SUSE-SU-2018_3456-1
SUSE-SU-2018_3680-1
USN-3802-1

Affected Products

ALT Linux
CentOS
IBM AIX
Red Hat
SUSE
Ubuntu
X.Org Server