Vulnerabilities > CVE-2018-14665 - Incorrect Authorization vulnerability in multiple products
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Exploit-Db
file exploits/multiple/local/45922.sh id EDB-ID:45922 last seen 2018-11-30 modified 2018-11-30 platform multiple port published 2018-11-30 reporter Exploit-DB source https://www.exploit-db.com/download/45922 title xorg-x11-server < 1.20.3 - 'modulepath' Local Privilege Escalation type local file exploits/multiple/local/45908.rb id EDB-ID:45908 last seen 2018-11-30 modified 2018-11-26 platform multiple port published 2018-11-26 reporter Exploit-DB source https://www.exploit-db.com/download/45908 title Xorg X11 Server - SUID privilege escalation (Metasploit) type local file exploits/linux/local/45832.py id EDB-ID:45832 last seen 2018-11-30 modified 2018-11-13 platform linux port published 2018-11-13 reporter Exploit-DB source https://www.exploit-db.com/download/45832 title xorg-x11-server < 1.20.1 - Local Privilege Escalation type local file exploits/aix/local/45938.pl id EDB-ID:45938 last seen 2018-12-04 modified 2018-12-04 platform aix port published 2018-12-04 reporter Exploit-DB source https://www.exploit-db.com/download/45938 title Xorg X11 Server (AIX) - Local Privilege Escalation type local file exploits/solaris/local/46142.sh id EDB-ID:46142 last seen 2019-01-14 modified 2019-01-14 platform solaris port published 2019-01-14 reporter Exploit-DB source https://www.exploit-db.com/download/46142 title xorg-x11-server < 1.20.3 - Local Privilege Escalation (Solaris 11 inittab) type local file exploits/openbsd/local/45742.sh id EDB-ID:45742 last seen 2018-11-30 modified 2018-10-30 platform openbsd port published 2018-10-30 reporter Exploit-DB source https://www.exploit-db.com/download/45742 title xorg-x11-server 1.20.3 - Privilege Escalation type local id EDB-ID:47701 last seen 2019-11-20 modified 2019-11-20 published 2019-11-20 reporter Exploit-DB source https://www.exploit-db.com/download/47701 title Xorg X11 Server - Local Privilege Escalation (Metasploit) file exploits/multiple/local/45697.txt id EDB-ID:45697 last seen 2018-11-30 modified 2018-10-25 platform multiple port published 2018-10-25 reporter Exploit-DB source https://www.exploit-db.com/download/45697 title xorg-x11-server < 1.20.3 - Local Privilege Escalation type local
Metasploit
description This module attempts to gain root privileges with SUID Xorg X11 server versions 1.19.0 < 1.20.3. A permission check flaw exists for -modulepath and -logfile options when starting Xorg. This allows unprivileged users that can start the server the ability to elevate privileges and run arbitrary code under root privileges. This module has been tested with CentOS 7 (1708). CentOS default install will require console auth for the users session. Xorg must have SUID permissions and may not start if running. On successful exploitation artifacts will be created consistant with starting Xorg. id MSF:EXPLOIT/MULTI/LOCAL/XORG_X11_SUID_SERVER_MODULEPATH last seen 2020-06-14 modified 2019-10-22 published 2018-11-25 references reporter Rapid7 source https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/local/xorg_x11_suid_server_modulepath.rb title Xorg X11 Server SUID modulepath Privilege Escalation description This module attempts to gain root privileges with SUID Xorg X11 server versions 1.19.0 < 1.20.3. A permission check flaw exists for -modulepath and -logfile options when starting Xorg. This allows unprivileged users that can start the server the ability to elevate privileges and run arbitrary code under root privileges. This module has been tested with OpenBSD 6.3, 6.4, CentOS 7.4.1708, and CentOS 7.5.1804, and RHEL 7.5. The default PAM configuration for CentOS and RHEL systems requires console auth for the user's session to start the Xorg server. Cron launches the payload, so if SELinux is enforcing, exploitation may still be possible, but the module will bail. Xorg must have SUID permissions and may not start if already running. On exploitation a crontab.old backup file will be created by Xorg. This module will remove the .old file and restore crontab after successful exploitation. Failed exploitation may result in a corrupted crontab. On successful exploitation artifacts will be created consistant with starting Xorg and running a cron. id MSF:EXPLOIT/MULTI/LOCAL/XORG_X11_SUID_SERVER last seen 2020-06-14 modified 2019-04-21 published 2018-11-10 references reporter Rapid7 source https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/local/xorg_x11_suid_server.rb title Xorg X11 Server SUID logfile Privilege Escalation description WARNING: Successful execution of this module results in /etc/passwd being overwritten. This module is a port of the OpenBSD X11 Xorg exploit to run on AIX. A permission check flaw exists for -modulepath and -logfile options when starting Xorg. This allows unprivileged users that can start the server the ability to elevate privileges and run arbitrary code under root privileges. This module has been tested with AIX 7.1 and 7.2, and should also work with 6.1. Due to permission restrictions of the crontab in AIX, this module does not use cron, and instead overwrites /etc/passwd in order to create a new user with root privileges. All currently logged in users need to be included when /etc/passwd is overwritten, else AIX will throw 'Cannot get "LOGNAME" variable' when attempting to change user. The Xorg '-fp' parameter used in the OpenBSD exploit does not work on AIX, and is replaced by '-config', in conjuction with ANSI-C quotes to inject newlines when overwriting /etc/passwd. id MSF:EXPLOIT/AIX/LOCAL/XORG_X11_SERVER last seen 2020-06-14 modified 2019-11-11 published 2019-02-06 references reporter Rapid7 source https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/aix/local/xorg_x11_server.rb title Xorg X11 Server Local Privilege Escalation
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2018-839720583A.NASL description Fix for CVE-2018-14665 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2019-01-03 plugin id 120575 published 2019-01-03 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120575 title Fedora 28 : xorg-x11-server (2018-839720583a) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-915.NASL description This update for xorg-x11-server fixes the following issues : - CVE-2018-14665: Disable -logfile and -modulepath when running with elevated privileges (bsc#1112020, Note that SUSE by default does not run with elevated privileges, so the default installation is not affected by this problem. This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 123375 published 2019-03-27 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123375 title openSUSE Security Update : xorg-x11-server (openSUSE-2019-915) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-3680-1.NASL description This update for xorg-x11-server fixes the following issues : CVE-2018-14665: Disable -logfile and -modulepath when running with elevated privileges (bsc#1112020, Note that SUSE by default does not run with elevated privileges, so the default installation is not affected by this problem. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 120159 published 2019-01-02 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120159 title SUSE SLED15 / SLES15 Security Update : xorg-x11-server (SUSE-SU-2018:3680-1) NASL family AIX Local Security Checks NASL id AIX_IJ11550.NASL description http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14665 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14665 X.Org X server could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper validation of command line parameters. An attacker could exploit this vulnerability using the -modulepath argument or the -logfile argument to overwrite arbitrary files and execute unprivileged code on the system. last seen 2020-06-01 modified 2020-06-02 plugin id 119632 published 2018-12-13 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119632 title AIX 7.2 TL 3 : xorg (IJ11550) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-3456-1.NASL description This update for xorg-x11-server provides the following fix : Security issue fixed : CVE-2018-14665: Local attackers could overwrite system files in any directory using the -logfile option and gain privileges (bsc#1111697) Non security issues fixed: Do not write past the allocated buffer. (bsc#1078383) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 118457 published 2018-10-26 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118457 title SUSE SLES11 Security Update : xorg-x11-server (SUSE-SU-2018:3456-1) NASL family AIX Local Security Checks NASL id AIX_IJ11547.NASL description http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14665 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14665 X.Org X server could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper validation of command line parameters. An attacker could exploit this vulnerability using the -modulepath argument or the -logfile argument to overwrite arbitrary files and execute unprivileged code on the system. last seen 2020-06-01 modified 2020-06-02 plugin id 119630 published 2018-12-13 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119630 title AIX 7.2 TL 1 : xorg (IJ11547) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2683.NASL description According to the versions of the xorg-x11-server packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.(CVE-2018-14665) - In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events.(CVE-2017-10971) - In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session.(CVE-2017-13721) - It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is seen, this causes a time difference between a valid and invalid byte, which could allow an efficient brute force attack.(CVE-2017-2624) - Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server.(CVE-2017-10972) - xorg-x11-server before 1.19.5 had wrong extra length check in ProcXIChangeHierarchy function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.(CVE-2017-12178) - xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.(CVE-2017-12176) - xorg-x11-server before 1.19.5 was missing length validation in MIT-SCREEN-SAVER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.(CVE-2017-12185) - xorg-x11-server before 1.19.5 was missing length validation in RENDER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.(CVE-2017-12187) - xorg-x11-server before 1.19.5 was missing length validation in XFIXES extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.(CVE-2017-12183) - xorg-x11-server before 1.19.5 was missing length validation in XFree86 DGA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.(CVE-2017-12181) - xorg-x11-server before 1.19.5 was missing length validation in XFree86 DRI extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.(CVE-2017-12182) - xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.(CVE-2017-12180) - xorg-x11-server before 1.19.5 was missing length validation in XINERAMA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.(CVE-2017-12184) - xorg-x11-server before 1.19.5 was missing length validation in X-Resource extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.(CVE-2017-12186) - xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S)ProcXIBarrierReleasePointer functions allowing malicious X client to cause X server to crash or possibly execute arbitrary code.(CVE-2017-12179) - xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ProcDbeGetVisualInfo function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.(CVE-2017-12177) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-12-18 plugin id 132218 published 2019-12-18 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132218 title EulerOS 2.0 SP3 : xorg-x11-server (EulerOS-SA-2019-2683) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2018-3410.NASL description An update for xorg-x11-server is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Security Fix(es) : * xorg-x11-server: Incorrect permission check in Xorg X server allows for privilege escalation (CVE-2018-14665) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Narendra Shinde for reporting this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 119006 published 2018-11-16 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119006 title CentOS 7 : xorg-x11-server (CESA-2018:3410) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201810-09.NASL description The remote host is affected by the vulnerability described in GLSA-201810-09 (X.Org X Server: Privilege escalation) An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges. Impact : A local attacker can escalate privileges to root by passing crafted parameters to the X.org X server. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 118509 published 2018-10-31 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118509 title GLSA-201810-09 : X.Org X Server: Privilege escalation NASL family AIX Local Security Checks NASL id AIX_IJ11551.NASL description http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14665 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14665 X.Org X server could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper validation of command line parameters. An attacker could exploit this vulnerability using the -modulepath argument or the -logfile argument to overwrite arbitrary files and execute unprivileged code on the system. last seen 2020-06-01 modified 2020-06-02 plugin id 119633 published 2018-12-13 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119633 title AIX 5.3 TL 12 : xorg (IJ11551) NASL family AIX Local Security Checks NASL id AIX_IJ11000.NASL description http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14665 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14665 X.Org X server could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper validation of command line parameters. An attacker could exploit this vulnerability using the -modulepath argument or the -logfile argument to overwrite arbitrary files and execute unprivileged code on the system. last seen 2020-06-01 modified 2020-06-02 plugin id 119626 published 2018-12-13 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119626 title AIX 6.1 TL 9 : xorg (IJ11000) NASL family Fedora Local Security Checks NASL id FEDORA_2018-4AB08FEDD6.NASL description Fix for CVE-2018-14665 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2019-01-03 plugin id 120398 published 2019-01-03 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120398 title Fedora 29 : xorg-x11-server (2018-4ab08fedd6) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1062.NASL description According to the versions of the xorg-x11-server packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - An incorrect permission check for -modulepath and -logfile options when starting Xorg X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.(CVE-2018-14665) - systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.(CVE-2018-20839)(CVE-2019-1547) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 132816 published 2020-01-13 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132816 title EulerOS Virtualization for ARM 64 3.0.5.0 : xorg-x11-server (EulerOS-SA-2020-1062) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2018-3410.NASL description An update for xorg-x11-server is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Security Fix(es) : * xorg-x11-server: Incorrect permission check in Xorg X server allows for privilege escalation (CVE-2018-14665) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Narendra Shinde for reporting this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 118557 published 2018-10-31 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118557 title RHEL 7 : xorg-x11-server (RHSA-2018:3410) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2018-3410.NASL description From Red Hat Security Advisory 2018:3410 : An update for xorg-x11-server is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Security Fix(es) : * xorg-x11-server: Incorrect permission check in Xorg X server allows for privilege escalation (CVE-2018-14665) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Narendra Shinde for reporting this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 118812 published 2018-11-08 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118812 title Oracle Linux 7 : xorg-x11-server (ELSA-2018-3410) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3802-1.NASL description Narendra Shinde discovered that the X.Org X server incorrectly handled certain command line parameters when running as root with the legacy wrapper. When certain graphics drivers are being used, a local attacker could possibly use this issue to overwrite arbitrary files and escalate privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 118492 published 2018-10-29 reporter Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118492 title Ubuntu 16.04 LTS / 18.04 LTS / 18.10 : xorg-server, xorg-server-hwe-16.04 vulnerability (USN-3802-1) NASL family AIX Local Security Checks NASL id AIX_IJ11546.NASL description http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14665 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14665 X.Org X server could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper validation of command line parameters. An attacker could exploit this vulnerability using the -modulepath argument or the -logfile argument to overwrite arbitrary files and execute unprivileged code on the system. last seen 2020-06-01 modified 2020-06-02 plugin id 119629 published 2018-12-13 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119629 title AIX 7.2 TL 0 : xorg (IJ11546) NASL family AIX Local Security Checks NASL id AIX_IJ11549.NASL description http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14665 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14665 X.Org X server could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper validation of command line parameters. An attacker could exploit this vulnerability using the -modulepath argument or the -logfile argument to overwrite arbitrary files and execute unprivileged code on the system. last seen 2020-06-01 modified 2020-06-02 plugin id 119631 published 2018-12-13 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119631 title AIX 7.2 TL 2 : xorg (IJ11549) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2553.NASL description According to the version of the xorg-x11-server packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.(CVE-2018-14665) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-12-09 plugin id 131827 published 2019-12-09 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131827 title EulerOS 2.0 SP5 : xorg-x11-server (EulerOS-SA-2019-2553) NASL family SuSE Local Security Checks NASL id OPENSUSE-2018-1420.NASL description This update for xorg-x11-server fixes the following issues : - CVE-2018-14665: Disable -logfile and -modulepath when running with elevated privileges (bsc#1112020, Note that SUSE by default does not run with elevated privileges, so the default installation is not affected by this problem. This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-05 modified 2018-11-19 plugin id 119025 published 2018-11-19 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119025 title openSUSE Security Update : xorg-x11-server (openSUSE-2018-1420) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2123.NASL description According to the version of the xorg-x11-server packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.(CVE-2018-14665) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-03 modified 2019-11-12 plugin id 130832 published 2019-11-12 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130832 title EulerOS 2.0 SP8 : xorg-x11-server (EulerOS-SA-2019-2123) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0045_XORG-X11-SERVER.NASL description The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has xorg-x11-server packages installed that are affected by a vulnerability: - An incorrect permission check for -modulepath and -logfile options when starting Xorg X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges. (CVE-2018-14665) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 127225 published 2019-08-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127225 title NewStart CGSL CORE 5.04 / MAIN 5.04 : xorg-x11-server Vulnerability (NS-SA-2019-0045) NASL family AIX Local Security Checks NASL id AIX_IJ11544.NASL description http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14665 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14665 X.Org X server could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper validation of command line parameters. An attacker could exploit this vulnerability using the -modulepath argument or the -logfile argument to overwrite arbitrary files and execute unprivileged code on the system. last seen 2020-06-01 modified 2020-06-02 plugin id 119627 published 2018-12-13 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119627 title AIX 7.1 TL 4 : xorg (IJ11544) NASL family AIX Local Security Checks NASL id AIX_IJ11545.NASL description http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14665 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14665 X.Org X server could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper validation of command line parameters. An attacker could exploit this vulnerability using the -modulepath argument or the -logfile argument to overwrite arbitrary files and execute unprivileged code on the system. last seen 2020-06-01 modified 2020-06-02 plugin id 119628 published 2018-12-13 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119628 title AIX 7.1 TL 5 : xorg (IJ11545) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2421.NASL description According to the versions of the xorg-x11-server packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ProcDbeGetVisualInfo function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.(CVE-2017-12177) - xorg-x11-server before 1.19.5 had wrong extra length check in ProcXIChangeHierarchy function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.(CVE-2017-12178) - xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S)ProcXIBarrierReleasePointer functions allowing malicious X client to cause X server to crash or possibly execute arbitrary code.(CVE-2017-12179) - xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.(CVE-2017-12180) - xorg-x11-server before 1.19.5 was missing length validation in XFree86 DGA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.(CVE-2017-12181) - xorg-x11-server before 1.19.5 was missing length validation in XFree86 DRI extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.(CVE-2017-12182) - xorg-x11-server before 1.19.5 was missing length validation in XFIXES extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.(CVE-2017-12183) - xorg-x11-server before 1.19.5 was missing length validation in XINERAMA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.(CVE-2017-12184) - xorg-x11-server before 1.19.5 was missing length validation in MIT-SCREEN-SAVER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.(CVE-2017-12185) - xorg-x11-server before 1.19.5 was missing length validation in X-Resource extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.(CVE-2017-12186) - xorg-x11-server before 1.19.5 was missing length validation in RENDER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.(CVE-2017-12187) - In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session.(CVE-2017-13721) - It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is seen, this causes a time difference between a valid and invalid byte, which could allow an efficient brute force attack.(CVE-2017-2624) - A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.(CVE-2018-14665) - In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events.(CVE-2017-10971) - Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server.(CVE-2017-10972) - xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.(CVE-2017-12176) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-12-10 plugin id 131913 published 2019-12-10 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131913 title EulerOS 2.0 SP2 : xorg-x11-server (EulerOS-SA-2019-2421) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4328.NASL description Narendra Shinde discovered that incorrect command-line parameter validation in the Xorg X server may result in arbitary file overwrite, which can result in privilege escalation. last seen 2020-06-01 modified 2020-06-02 plugin id 118474 published 2018-10-29 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118474 title Debian DSA-4328-1 : xorg-server - security update NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1236.NASL description According to the version of the xorg-x11-server packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - An incorrect permission check for -modulepath and -logfile options when starting Xorg X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.(CVE-2018-14665) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-19 modified 2020-03-13 plugin id 134525 published 2020-03-13 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134525 title EulerOS Virtualization for ARM 64 3.0.2.0 : xorg-x11-server (EulerOS-SA-2020-1236) NASL family Scientific Linux Local Security Checks NASL id SL_20181031_XORG_X11_SERVER_ON_SL7_X.NASL description Security Fix(es) : - xorg-x11-server: Incorrect permission check in Xorg X server allows for privilege escalation (CVE-2018-14665) The SL Team added a fix for upstream bug 1650634 last seen 2020-03-18 modified 2018-11-27 plugin id 119207 published 2018-11-27 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119207 title Scientific Linux Security Update : xorg-x11-server on SL7.x x86_64 (20181031)
Packetstorm
data source https://packetstormsecurity.com/files/download/149957/xorgx11-exec.txt id PACKETSTORM:149957 last seen 2018-10-26 published 2018-10-25 reporter Hacker Fantastic source https://packetstormsecurity.com/files/149957/xorg-x11-server-Local-Privilege-Escalation.html title xorg-x11-server Local Privilege Escalation data source https://packetstormsecurity.com/files/download/150295/xorgx11server-escalate.txt id PACKETSTORM:150295 last seen 2018-11-14 published 2018-11-13 reporter bolonobolo source https://packetstormsecurity.com/files/150295/xorg-x11-server-Local-Privilege-Escalation.html title xorg-x11-server Local Privilege Escalation data source https://packetstormsecurity.com/files/download/150620/xorgx11aix-escalate.txt id PACKETSTORM:150620 last seen 2018-12-06 published 2018-12-05 reporter 0xdono source https://packetstormsecurity.com/files/150620/Xorg-X11-Server-AIX-Local-Privilege-Escalation.html title Xorg X11 Server (AIX) Local Privilege Escalation data source https://packetstormsecurity.com/files/download/150450/xorg_x11_suid_server.rb.txt id PACKETSTORM:150450 last seen 2018-11-26 published 2018-11-25 reporter Narendra Shinde source https://packetstormsecurity.com/files/150450/Xorg-X11-Server-SUID-Privilege-Escalation.html title Xorg X11 Server SUID Privilege Escalation data source https://packetstormsecurity.com/files/download/151136/xorgx11-escalate.txt id PACKETSTORM:151136 last seen 2019-01-15 published 2019-01-14 reporter Marco Ivaldi source https://packetstormsecurity.com/files/151136/xorg-x11-server-Local-Privilege-Escalation.html title xorg-x11-server Local Privilege Escalation data source https://packetstormsecurity.com/files/download/150042/x111203-escalate.txt id PACKETSTORM:150042 last seen 2018-10-31 published 2018-10-31 reporter Marco Ivaldi source https://packetstormsecurity.com/files/150042/xorg-x11-server-1.20.3-Privilege-Escalation.html title xorg-x11-server 1.20.3 Privilege Escalation data source https://packetstormsecurity.com/files/download/149958/xorgx11local-exec.txt id PACKETSTORM:149958 last seen 2018-10-26 published 2018-10-25 reporter infodox source https://packetstormsecurity.com/files/149958/xorg-x11-server-Local-Root.html title xorg-x11-server Local Root data source https://packetstormsecurity.com/files/download/150554/xorgx11modulepath-escalate.txt id PACKETSTORM:150554 last seen 2018-12-01 published 2018-12-01 reporter Marco Ivaldi source https://packetstormsecurity.com/files/150554/xorg-x11-server-modulepath-Local-Privilege-Escalation.html title xorg-x11-server modulepath Local Privilege Escalation data source https://packetstormsecurity.com/files/download/155276/xorg_x11_server.rb.txt id PACKETSTORM:155276 last seen 2019-11-14 published 2019-11-12 reporter Narendra Shinde source https://packetstormsecurity.com/files/155276/Xorg-X11-Server-Local-Privilege-Escalation.html title Xorg X11 Server Local Privilege Escalation data source https://packetstormsecurity.com/files/download/154942/xorg_x11_suid_server_modulepath.rb.txt id PACKETSTORM:154942 last seen 2019-10-24 published 2019-10-22 reporter Narendra Shinde source https://packetstormsecurity.com/files/154942/Xorg-X11-Server-SUID-modulepath-Privilege-Escalation.html title Xorg X11 Server SUID modulepath Privilege Escalation
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
The Hacker News
| id | THN:8589C696FD99566AD522DE3118ECE8B9 |
| last seen | 2018-10-26 |
| modified | 2018-10-26 |
| published | 2018-10-26 |
| reporter | The Hacker News |
| source | https://thehackernews.com/2018/10/privilege-escalation-linux.html |
| title | New Privilege Escalation Flaw Affects Most Linux Distributions |
References
- http://packetstormsecurity.com/files/154942/Xorg-X11-Server-SUID-modulepath-Privilege-Escalation.html
- http://packetstormsecurity.com/files/155276/Xorg-X11-Server-Local-Privilege-Escalation.html
- http://www.securityfocus.com/bid/105741
- http://www.securitytracker.com/id/1041948
- https://access.redhat.com/errata/RHSA-2018:3410
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14665
- https://gitlab.freedesktop.org/xorg/xserver/commit/50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e
- https://gitlab.freedesktop.org/xorg/xserver/commit/8a59e3b7dbb30532a7c3769c555e00d7c4301170
- https://lists.x.org/archives/xorg-announce/2018-October/002927.html
- https://security.gentoo.org/glsa/201810-09
- https://usn.ubuntu.com/3802-1/
- https://www.debian.org/security/2018/dsa-4328
- https://www.exploit-db.com/exploits/45697/
- https://www.exploit-db.com/exploits/45742/
- https://www.exploit-db.com/exploits/45832/
- https://www.exploit-db.com/exploits/45908/
- https://www.exploit-db.com/exploits/45922/
- https://www.exploit-db.com/exploits/45938/
- https://www.exploit-db.com/exploits/46142/
- https://www.securepatterns.com/2018/10/cve-2018-14665-xorg-x-server.html