
CVE-2018-14665: Xorg Vulnerability Affects Both Linux and BSD Systems

Linux and BSD systems face a critical risk after a vulnerability was found in Xorg, the display server that provides the graphics stack on these systems. The issue is tracked as CVE-2018-14665 and stems from an incorrect permission check on two of the server's command-line options.

CVE-2018-14665: The Xorg Vulnerability Affects Almost all Linux and BSD Users

A security announcement revealed a dangerous bug in Xorg, one of the most important components of a typical Linux or BSD system. Xorg is the preferred display server for these systems and provides the graphics stack used by desktop environments and window managers. In practice, the only cases where it is not used are installations that run an alternative display server (such as Ubuntu's Mir) or console-only deployments, which are common on servers and IoT devices. The dangerous consequence is that the demonstrated proof-of-concept lets an attacker with a local login take over the machine with three simple commands. A post on Twitter gives further details and a link to the exploit code.

The Xorg vulnerability is assigned with the CVE-2018-14665 advisory which reads the following:

A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for the -modulepath and -logfile options when starting the Xorg X server allows unprivileged users with the ability to log in to the system via the physical console to escalate their privileges and run arbitrary code under root privileges.


Essentially, by taking advantage of this bug, malicious actors who can log in to the target system can elevate their privileges and obtain root access. This applies when a vulnerable version of the server is installed setuid root, which is how many distributions ship it so that ordinary users can start an X session. In that configuration the user controls the command line of a process that runs as root: -logfile chooses where the server writes its log, so it can be pointed at a file that only root may write, and -modulepath chooses the directory from which server modules are loaded. Note that it is the local user invoking the Xorg binary who gains root, not X11 clients talking to an already running server.

The developers of the Xorg server have already released the necessary patch in xorg-server 1.20.3. Rather than removing the two options, the fix makes the server refuse -logfile and -modulepath when it runs with elevated privileges, that is, when the effective user is root but the invoking user is not; the options keep working for root and for a rootless Xorg. Red Hat Enterprise Linux, CentOS, Fedora, Debian, OpenBSD and Ubuntu are all listed as impacted, although the actual exposure of a given machine depends on whether its Xorg binary is setuid root: a rootless Xorg started by a display manager does not hand a non-root user a root-privileged command line.

All Linux and BSD users are advised to apply the latest security updates in order to stay safe, and to check whether their Xorg binary still needs to be setuid root at all.
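The two preconditions described above (an Xorg older than 1.20.3 that is installed setuid root) can be checked locally. The script below is an added example written for this article; it is not code from the article's author or from the X.Org project. It assumes the binary is found via `command -v Xorg` and that `Xorg -version` prints its first line as "X.Org X Server <version>"; all function and variable names are the script's own.

```shell
#!/bin/sh
# check_xorg_cve_2018_14665.sh (added example, not X.Org code)
# Reports whether this host meets both conditions for CVE-2018-14665:
#   1. the Xorg binary is setuid root, and
#   2. its version is older than 1.20.3 (the first release carrying the fix).

# True (exit 0) when the file has the setuid bit AND is owned by uid 0, i.e.
# unprivileged users run it with root privileges. `ls -ln` is used instead of
# stat(1) because its output format is the same on Linux and the BSDs.
is_setuid_root() {
    f="$1"
    [ -u "$f" ] || return 1
    owner=$(ls -ln "$f" | awk '{ print $3 }')
    [ "$owner" = "0" ]
}

# True (exit 0) when a version string such as "1.19.6" is older than 1.20.3.
# Components are compared numerically; a missing patch level counts as 0.
xorg_version_vulnerable() {
    printf '%s\n' "$1" | awk -F. '{
        have  = ($1 + 0) * 1000000 + ($2 + 0) * 1000 + ($3 + 0)
        fixed = 1 * 1000000 + 20 * 1000 + 3
        if (have < fixed) exit 0
        exit 1
    }'
}

# Extract "1.20.1" from the first line of `Xorg -version`, which is written
# to stderr as "X.Org X Server 1.20.1". Argument: path to the Xorg binary.
installed_xorg_version() {
    "$1" -version 2>&1 | awk '/^X\.Org X Server/ { print $4; exit }'
}

main() {
    xorg=$(command -v Xorg) || { echo "Xorg not found in PATH"; return 2; }
    ver=$(installed_xorg_version "$xorg")

    if is_setuid_root "$xorg"; then suid=yes; else suid=no; fi
    if [ -n "$ver" ] && xorg_version_vulnerable "$ver"; then old=yes; else old=no; fi

    echo "Xorg binary: $xorg  version: ${ver:-unknown}  setuid-root: $suid"
    if [ "$suid" = yes ] && [ "$old" = yes ]; then
        echo "VULNERABLE: -logfile/-modulepath are accepted by a setuid-root Xorg"
        return 1
    fi
    echo "not exposed by this check (patched, or Xorg is not setuid root)"
    return 0
}

main
```

The exit code is 1 when both conditions hold, 0 when either is absent, and 2 when no Xorg is installed, so the script can be dropped into a configuration-audit job. A version of exactly 1.20.3 or newer, or a binary without the setuid bit, is enough to pass, which matches the nature of the fix: the options are only refused when privileges are elevated.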


Martin Beltov

Martin graduated in Publishing from Sofia University. As a cybersecurity enthusiast, he enjoys writing about the latest threats and intrusion techniques.
