Vulnerabilities > CVE-2018-14665 - Incorrect Authorization vulnerability in multiple products

047910
CVSS 6.6 - MEDIUM
Attack vector
PHYSICAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
low complexity
x-org
redhat
canonical
debian
CWE-863
nessus
exploit available
metasploit

Summary

A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.

Vulnerable Configurations

Part Description Count
Application
X.Org
172
OS
Redhat
6
OS
Canonical
3
OS
Debian
1

Common Weakness Enumeration (CWE)

Exploit-Db

  • fileexploits/multiple/local/45922.sh
    idEDB-ID:45922
    last seen2018-11-30
    modified2018-11-30
    platformmultiple
    port
    published2018-11-30
    reporterExploit-DB
    sourcehttps://www.exploit-db.com/download/45922
    titlexorg-x11-server < 1.20.3 - 'modulepath' Local Privilege Escalation
    typelocal
  • fileexploits/multiple/local/45908.rb
    idEDB-ID:45908
    last seen2018-11-30
    modified2018-11-26
    platformmultiple
    port
    published2018-11-26
    reporterExploit-DB
    sourcehttps://www.exploit-db.com/download/45908
    titleXorg X11 Server - SUID privilege escalation (Metasploit)
    typelocal
  • fileexploits/linux/local/45832.py
    idEDB-ID:45832
    last seen2018-11-30
    modified2018-11-13
    platformlinux
    port
    published2018-11-13
    reporterExploit-DB
    sourcehttps://www.exploit-db.com/download/45832
    titlexorg-x11-server < 1.20.1 - Local Privilege Escalation
    typelocal
  • fileexploits/aix/local/45938.pl
    idEDB-ID:45938
    last seen2018-12-04
    modified2018-12-04
    platformaix
    port
    published2018-12-04
    reporterExploit-DB
    sourcehttps://www.exploit-db.com/download/45938
    titleXorg X11 Server (AIX) - Local Privilege Escalation
    typelocal
  • fileexploits/solaris/local/46142.sh
    idEDB-ID:46142
    last seen2019-01-14
    modified2019-01-14
    platformsolaris
    port
    published2019-01-14
    reporterExploit-DB
    sourcehttps://www.exploit-db.com/download/46142
    titlexorg-x11-server < 1.20.3 - Local Privilege Escalation (Solaris 11 inittab)
    typelocal
  • fileexploits/openbsd/local/45742.sh
    idEDB-ID:45742
    last seen2018-11-30
    modified2018-10-30
    platformopenbsd
    port
    published2018-10-30
    reporterExploit-DB
    sourcehttps://www.exploit-db.com/download/45742
    titlexorg-x11-server 1.20.3 - Privilege Escalation
    typelocal
  • idEDB-ID:47701
    last seen2019-11-20
    modified2019-11-20
    published2019-11-20
    reporterExploit-DB
    sourcehttps://www.exploit-db.com/download/47701
    titleXorg X11 Server - Local Privilege Escalation (Metasploit)
  • fileexploits/multiple/local/45697.txt
    idEDB-ID:45697
    last seen2018-11-30
    modified2018-10-25
    platformmultiple
    port
    published2018-10-25
    reporterExploit-DB
    sourcehttps://www.exploit-db.com/download/45697
    titlexorg-x11-server < 1.20.3 - Local Privilege Escalation
    typelocal

Metasploit

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-839720583A.NASL
    descriptionFix for CVE-2018-14665 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2019-01-03
    plugin id120575
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120575
    titleFedora 28 : xorg-x11-server (2018-839720583a)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-915.NASL
    descriptionThis update for xorg-x11-server fixes the following issues : - CVE-2018-14665: Disable -logfile and -modulepath when running with elevated privileges (bsc#1112020, Note that SUSE by default does not run with elevated privileges, so the default installation is not affected by this problem. This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id123375
    published2019-03-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123375
    titleopenSUSE Security Update : xorg-x11-server (openSUSE-2019-915)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-3680-1.NASL
    descriptionThis update for xorg-x11-server fixes the following issues : CVE-2018-14665: Disable -logfile and -modulepath when running with elevated privileges (bsc#1112020, Note that SUSE by default does not run with elevated privileges, so the default installation is not affected by this problem. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id120159
    published2019-01-02
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120159
    titleSUSE SLED15 / SLES15 Security Update : xorg-x11-server (SUSE-SU-2018:3680-1)
  • NASL familyAIX Local Security Checks
    NASL idAIX_IJ11550.NASL
    descriptionhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14665 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14665 X.Org X server could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper validation of command line parameters. An attacker could exploit this vulnerability using the -modulepath argument or the -logfile argument to overwrite arbitrary files and execute unprivileged code on the system.
    last seen2020-06-01
    modified2020-06-02
    plugin id119632
    published2018-12-13
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119632
    titleAIX 7.2 TL 3 : xorg (IJ11550)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-3456-1.NASL
    descriptionThis update for xorg-x11-server provides the following fix : Security issue fixed : CVE-2018-14665: Local attackers could overwrite system files in any directory using the -logfile option and gain privileges (bsc#1111697) Non security issues fixed: Do not write past the allocated buffer. (bsc#1078383) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id118457
    published2018-10-26
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118457
    titleSUSE SLES11 Security Update : xorg-x11-server (SUSE-SU-2018:3456-1)
  • NASL familyAIX Local Security Checks
    NASL idAIX_IJ11547.NASL
    descriptionhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14665 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14665 X.Org X server could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper validation of command line parameters. An attacker could exploit this vulnerability using the -modulepath argument or the -logfile argument to overwrite arbitrary files and execute unprivileged code on the system.
    last seen2020-06-01
    modified2020-06-02
    plugin id119630
    published2018-12-13
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119630
    titleAIX 7.2 TL 1 : xorg (IJ11547)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2683.NASL
    descriptionAccording to the versions of the xorg-x11-server packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.(CVE-2018-14665) - In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events.(CVE-2017-10971) - In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session.(CVE-2017-13721) - It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is seen, this causes a time difference between a valid and invalid byte, which could allow an efficient brute force attack.(CVE-2017-2624) - Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server.(CVE-2017-10972) - xorg-x11-server before 1.19.5 had wrong extra length check in ProcXIChangeHierarchy function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.(CVE-2017-12178) - xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.(CVE-2017-12176) - xorg-x11-server before 1.19.5 was missing length validation in MIT-SCREEN-SAVER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.(CVE-2017-12185) - xorg-x11-server before 1.19.5 was missing length validation in RENDER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.(CVE-2017-12187) - xorg-x11-server before 1.19.5 was missing length validation in XFIXES extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.(CVE-2017-12183) - xorg-x11-server before 1.19.5 was missing length validation in XFree86 DGA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.(CVE-2017-12181) - xorg-x11-server before 1.19.5 was missing length validation in XFree86 DRI extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.(CVE-2017-12182) - xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.(CVE-2017-12180) - xorg-x11-server before 1.19.5 was missing length validation in XINERAMA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.(CVE-2017-12184) - xorg-x11-server before 1.19.5 was missing length validation in X-Resource extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.(CVE-2017-12186) - xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S)ProcXIBarrierReleasePointer functions allowing malicious X client to cause X server to crash or possibly execute arbitrary code.(CVE-2017-12179) - xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ProcDbeGetVisualInfo function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.(CVE-2017-12177) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-12-18
    plugin id132218
    published2019-12-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132218
    titleEulerOS 2.0 SP3 : xorg-x11-server (EulerOS-SA-2019-2683)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2018-3410.NASL
    descriptionAn update for xorg-x11-server is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Security Fix(es) : * xorg-x11-server: Incorrect permission check in Xorg X server allows for privilege escalation (CVE-2018-14665) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Narendra Shinde for reporting this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id119006
    published2018-11-16
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119006
    titleCentOS 7 : xorg-x11-server (CESA-2018:3410)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201810-09.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201810-09 (X.Org X Server: Privilege escalation) An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges. Impact : A local attacker can escalate privileges to root by passing crafted parameters to the X.org X server. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id118509
    published2018-10-31
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118509
    titleGLSA-201810-09 : X.Org X Server: Privilege escalation
  • NASL familyAIX Local Security Checks
    NASL idAIX_IJ11551.NASL
    descriptionhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14665 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14665 X.Org X server could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper validation of command line parameters. An attacker could exploit this vulnerability using the -modulepath argument or the -logfile argument to overwrite arbitrary files and execute unprivileged code on the system.
    last seen2020-06-01
    modified2020-06-02
    plugin id119633
    published2018-12-13
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119633
    titleAIX 5.3 TL 12 : xorg (IJ11551)
  • NASL familyAIX Local Security Checks
    NASL idAIX_IJ11000.NASL
    descriptionhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14665 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14665 X.Org X server could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper validation of command line parameters. An attacker could exploit this vulnerability using the -modulepath argument or the -logfile argument to overwrite arbitrary files and execute unprivileged code on the system.
    last seen2020-06-01
    modified2020-06-02
    plugin id119626
    published2018-12-13
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119626
    titleAIX 6.1 TL 9 : xorg (IJ11000)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-4AB08FEDD6.NASL
    descriptionFix for CVE-2018-14665 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2019-01-03
    plugin id120398
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120398
    titleFedora 29 : xorg-x11-server (2018-4ab08fedd6)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1062.NASL
    descriptionAccording to the versions of the xorg-x11-server packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - An incorrect permission check for -modulepath and -logfile options when starting Xorg X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.(CVE-2018-14665) - systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.(CVE-2018-20839)(CVE-2019-1547) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id132816
    published2020-01-13
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132816
    titleEulerOS Virtualization for ARM 64 3.0.5.0 : xorg-x11-server (EulerOS-SA-2020-1062)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-3410.NASL
    descriptionAn update for xorg-x11-server is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Security Fix(es) : * xorg-x11-server: Incorrect permission check in Xorg X server allows for privilege escalation (CVE-2018-14665) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Narendra Shinde for reporting this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id118557
    published2018-10-31
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118557
    titleRHEL 7 : xorg-x11-server (RHSA-2018:3410)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-3410.NASL
    descriptionFrom Red Hat Security Advisory 2018:3410 : An update for xorg-x11-server is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Security Fix(es) : * xorg-x11-server: Incorrect permission check in Xorg X server allows for privilege escalation (CVE-2018-14665) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Narendra Shinde for reporting this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id118812
    published2018-11-08
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118812
    titleOracle Linux 7 : xorg-x11-server (ELSA-2018-3410)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3802-1.NASL
    descriptionNarendra Shinde discovered that the X.Org X server incorrectly handled certain command line parameters when running as root with the legacy wrapper. When certain graphics drivers are being used, a local attacker could possibly use this issue to overwrite arbitrary files and escalate privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id118492
    published2018-10-29
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118492
    titleUbuntu 16.04 LTS / 18.04 LTS / 18.10 : xorg-server, xorg-server-hwe-16.04 vulnerability (USN-3802-1)
  • NASL familyAIX Local Security Checks
    NASL idAIX_IJ11546.NASL
    descriptionhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14665 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14665 X.Org X server could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper validation of command line parameters. An attacker could exploit this vulnerability using the -modulepath argument or the -logfile argument to overwrite arbitrary files and execute unprivileged code on the system.
    last seen2020-06-01
    modified2020-06-02
    plugin id119629
    published2018-12-13
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119629
    titleAIX 7.2 TL 0 : xorg (IJ11546)
  • NASL familyAIX Local Security Checks
    NASL idAIX_IJ11549.NASL
    descriptionhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14665 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14665 X.Org X server could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper validation of command line parameters. An attacker could exploit this vulnerability using the -modulepath argument or the -logfile argument to overwrite arbitrary files and execute unprivileged code on the system.
    last seen2020-06-01
    modified2020-06-02
    plugin id119631
    published2018-12-13
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119631
    titleAIX 7.2 TL 2 : xorg (IJ11549)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2553.NASL
    descriptionAccording to the version of the xorg-x11-server packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.(CVE-2018-14665) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-12-09
    plugin id131827
    published2019-12-09
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131827
    titleEulerOS 2.0 SP5 : xorg-x11-server (EulerOS-SA-2019-2553)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-1420.NASL
    descriptionThis update for xorg-x11-server fixes the following issues : - CVE-2018-14665: Disable -logfile and -modulepath when running with elevated privileges (bsc#1112020, Note that SUSE by default does not run with elevated privileges, so the default installation is not affected by this problem. This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-05
    modified2018-11-19
    plugin id119025
    published2018-11-19
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119025
    titleopenSUSE Security Update : xorg-x11-server (openSUSE-2018-1420)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2123.NASL
    descriptionAccording to the version of the xorg-x11-server packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.(CVE-2018-14665) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-03
    modified2019-11-12
    plugin id130832
    published2019-11-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130832
    titleEulerOS 2.0 SP8 : xorg-x11-server (EulerOS-SA-2019-2123)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0045_XORG-X11-SERVER.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has xorg-x11-server packages installed that are affected by a vulnerability: - An incorrect permission check for -modulepath and -logfile options when starting Xorg X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges. (CVE-2018-14665) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id127225
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127225
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : xorg-x11-server Vulnerability (NS-SA-2019-0045)
  • NASL familyAIX Local Security Checks
    NASL idAIX_IJ11544.NASL
    descriptionhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14665 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14665 X.Org X server could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper validation of command line parameters. An attacker could exploit this vulnerability using the -modulepath argument or the -logfile argument to overwrite arbitrary files and execute unprivileged code on the system.
    last seen2020-06-01
    modified2020-06-02
    plugin id119627
    published2018-12-13
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119627
    titleAIX 7.1 TL 4 : xorg (IJ11544)
  • NASL familyAIX Local Security Checks
    NASL idAIX_IJ11545.NASL
    descriptionhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14665 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14665 X.Org X server could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper validation of command line parameters. An attacker could exploit this vulnerability using the -modulepath argument or the -logfile argument to overwrite arbitrary files and execute unprivileged code on the system.
    last seen2020-06-01
    modified2020-06-02
    plugin id119628
    published2018-12-13
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119628
    titleAIX 7.1 TL 5 : xorg (IJ11545)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2421.NASL
    descriptionAccording to the versions of the xorg-x11-server packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ProcDbeGetVisualInfo function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.(CVE-2017-12177) - xorg-x11-server before 1.19.5 had wrong extra length check in ProcXIChangeHierarchy function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.(CVE-2017-12178) - xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S)ProcXIBarrierReleasePointer functions allowing malicious X client to cause X server to crash or possibly execute arbitrary code.(CVE-2017-12179) - xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.(CVE-2017-12180) - xorg-x11-server before 1.19.5 was missing length validation in XFree86 DGA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.(CVE-2017-12181) - xorg-x11-server before 1.19.5 was missing length validation in XFree86 DRI extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.(CVE-2017-12182) - xorg-x11-server before 1.19.5 was missing length validation in XFIXES extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.(CVE-2017-12183) - xorg-x11-server before 1.19.5 was missing length validation in XINERAMA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.(CVE-2017-12184) - xorg-x11-server before 1.19.5 was missing length validation in MIT-SCREEN-SAVER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.(CVE-2017-12185) - xorg-x11-server before 1.19.5 was missing length validation in X-Resource extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.(CVE-2017-12186) - xorg-x11-server before 1.19.5 was missing length validation in RENDER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.(CVE-2017-12187) - In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session.(CVE-2017-13721) - It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is seen, this causes a time difference between a valid and invalid byte, which could allow an efficient brute force attack.(CVE-2017-2624) - A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.(CVE-2018-14665) - In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events.(CVE-2017-10971) - Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server.(CVE-2017-10972) - xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.(CVE-2017-12176) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-12-10
    plugin id131913
    published2019-12-10
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131913
    titleEulerOS 2.0 SP2 : xorg-x11-server (EulerOS-SA-2019-2421)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4328.NASL
    descriptionNarendra Shinde discovered that incorrect command-line parameter validation in the Xorg X server may result in arbitary file overwrite, which can result in privilege escalation.
    last seen2020-06-01
    modified2020-06-02
    plugin id118474
    published2018-10-29
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118474
    titleDebian DSA-4328-1 : xorg-server - security update
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1236.NASL
    descriptionAccording to the version of the xorg-x11-server packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - An incorrect permission check for -modulepath and -logfile options when starting Xorg X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.(CVE-2018-14665) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-19
    modified2020-03-13
    plugin id134525
    published2020-03-13
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134525
    titleEulerOS Virtualization for ARM 64 3.0.2.0 : xorg-x11-server (EulerOS-SA-2020-1236)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20181031_XORG_X11_SERVER_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - xorg-x11-server: Incorrect permission check in Xorg X server allows for privilege escalation (CVE-2018-14665) The SL Team added a fix for upstream bug 1650634
    last seen2020-03-18
    modified2018-11-27
    plugin id119207
    published2018-11-27
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119207
    titleScientific Linux Security Update : xorg-x11-server on SL7.x x86_64 (20181031)

Packetstorm

Redhat

advisories
bugzilla
id1637761
titleCVE-2018-14665 xorg-x11-server: Incorrect permission check in Xorg X server allows for privilege escalation
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 7 is installed
      ovaloval:com.redhat.rhba:tst:20150364027
    • OR
      • AND
        • commentxorg-x11-server-source is earlier than 0:1.20.1-5.1.el7
          ovaloval:com.redhat.rhsa:tst:20183410001
        • commentxorg-x11-server-source is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20141376182
      • AND
        • commentxorg-x11-server-Xvfb is earlier than 0:1.20.1-5.1.el7
          ovaloval:com.redhat.rhsa:tst:20183410003
        • commentxorg-x11-server-Xvfb is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20141376190
      • AND
        • commentxorg-x11-server-Xdmx is earlier than 0:1.20.1-5.1.el7
          ovaloval:com.redhat.rhsa:tst:20183410005
        • commentxorg-x11-server-Xdmx is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20141376186
      • AND
        • commentxorg-x11-server-Xnest is earlier than 0:1.20.1-5.1.el7
          ovaloval:com.redhat.rhsa:tst:20183410007
        • commentxorg-x11-server-Xnest is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20141376188
      • AND
        • commentxorg-x11-server-devel is earlier than 0:1.20.1-5.1.el7
          ovaloval:com.redhat.rhsa:tst:20183410009
        • commentxorg-x11-server-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20141376184
      • AND
        • commentxorg-x11-server-Xwayland is earlier than 0:1.20.1-5.1.el7
          ovaloval:com.redhat.rhsa:tst:20183410011
        • commentxorg-x11-server-Xwayland is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20183059216
      • AND
        • commentxorg-x11-server-Xephyr is earlier than 0:1.20.1-5.1.el7
          ovaloval:com.redhat.rhsa:tst:20183410013
        • commentxorg-x11-server-Xephyr is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20141376196
      • AND
        • commentxorg-x11-server-Xorg is earlier than 0:1.20.1-5.1.el7
          ovaloval:com.redhat.rhsa:tst:20183410015
        • commentxorg-x11-server-Xorg is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20141376192
      • AND
        • commentxorg-x11-server-common is earlier than 0:1.20.1-5.1.el7
          ovaloval:com.redhat.rhsa:tst:20183410017
        • commentxorg-x11-server-common is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20141376194
rhsa
idRHSA-2018:3410
released2018-10-30
severityImportant
titleRHSA-2018:3410: xorg-x11-server security update (Important)
rpms
  • xorg-x11-server-Xdmx-0:1.20.1-5.1.el7
  • xorg-x11-server-Xephyr-0:1.20.1-5.1.el7
  • xorg-x11-server-Xnest-0:1.20.1-5.1.el7
  • xorg-x11-server-Xorg-0:1.20.1-5.1.el7
  • xorg-x11-server-Xvfb-0:1.20.1-5.1.el7
  • xorg-x11-server-Xwayland-0:1.20.1-5.1.el7
  • xorg-x11-server-common-0:1.20.1-5.1.el7
  • xorg-x11-server-debuginfo-0:1.20.1-5.1.el7
  • xorg-x11-server-devel-0:1.20.1-5.1.el7
  • xorg-x11-server-source-0:1.20.1-5.1.el7

The Hacker News

idTHN:8589C696FD99566AD522DE3118ECE8B9
last seen2018-10-26
modified2018-10-26
published2018-10-26
reporterThe Hacker News
sourcehttps://thehackernews.com/2018/10/privilege-escalation-linux.html
titleNew Privilege Escalation Flaw Affects Most Linux Distributions

References