CVE-2018-14665: Xorg Vulnerability Affects Both Linux and BSD Systems

Linux and BSD systems face a critical risk from a newly found vulnerability in Xorg, the main display server that provides the graphics engine on these systems. The issue is tracked as CVE-2018-14665 and stems from an incorrect permission check.

CVE-2018-14665: The Xorg Vulnerability Affects Almost all Linux and BSD Users

A security announcement revealed a dangerous bug in Xorg, one of the most important components of a typical Linux or BSD system. Xorg is the preferred display server for these systems and provides the graphics stack used by desktop environments and window managers. In practice it is absent only where an alternative display server is used (such as Ubuntu’s Mir) or where a console-only installation is deployed, as is common on servers and IoT devices. The dangerous consequence is that the demonstrated proof-of-concept allows hackers to hijack target computers with three simple commands. A post on Twitter gives further details and a link to the exploit code.

The Xorg vulnerability is tracked as CVE-2018-14665, and the advisory reads as follows:

A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.


Essentially, malicious actors who already have access to a target system can take advantage of this bug to elevate their privileges and eventually obtain root access. This is the case whenever the standard vulnerable version of the server is deployed: if the Xorg server process is executed with root privileges, the clients interacting with it can use the flaw to acquire administrative privileges.

The developers of the Xorg server have already released the necessary patches. The problem was resolved by disabling support for the two command-line arguments found to lead to this behavior. All major distributions are confirmed to be impacted: Red Hat Enterprise Linux, CentOS, Fedora, Debian, OpenBSD and Ubuntu.

All Linux and BSD users are advised to apply the latest security updates in order to stay safe.


Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.
