TROYANOSYVIRUS
Volver a CVEs

CVE-2018-14665

N/A

Descripcion

A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.

Detalles CVE

Puntuacion CVSS v3.1N/A
Publicado10/25/2018
Ultima modificacion8/29/2025
Fuentenvd
Avistamientos honeypot0

Productos afectados

canonical:ubuntu_linuxdebian:debian_linuxredhat:enterprise_linux_desktopredhat:enterprise_linux_serverredhat:enterprise_linux_server_ausredhat:enterprise_linux_server_eusredhat:enterprise_linux_server_tusredhat:enterprise_linux_workstationx.org:x_server

Debilidades (CWE)

CWE-863

Referencias

http://packetstormsecurity.com/files/154942/Xorg-X11-Server-SUID-modulepath-Privilege-Escalation.html(secalert@redhat.com)
http://packetstormsecurity.com/files/155276/Xorg-X11-Server-Local-Privilege-Escalation.html(secalert@redhat.com)
http://www.securityfocus.com/bid/105741(secalert@redhat.com)
http://www.securitytracker.com/id/1041948(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2018:3410(secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14665(secalert@redhat.com)
https://gitlab.freedesktop.org/xorg/xserver/commit/50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e(secalert@redhat.com)
https://gitlab.freedesktop.org/xorg/xserver/commit/8a59e3b7dbb30532a7c3769c555e00d7c4301170(secalert@redhat.com)
https://lists.x.org/archives/xorg-announce/2018-October/002927.html(secalert@redhat.com)
https://security.gentoo.org/glsa/201810-09(secalert@redhat.com)
https://usn.ubuntu.com/3802-1/(secalert@redhat.com)
https://www.debian.org/security/2018/dsa-4328(secalert@redhat.com)
https://www.exploit-db.com/exploits/45697/(secalert@redhat.com)
https://www.exploit-db.com/exploits/45742/(secalert@redhat.com)
https://www.exploit-db.com/exploits/45832/(secalert@redhat.com)
https://www.exploit-db.com/exploits/45908/(secalert@redhat.com)
https://www.exploit-db.com/exploits/45922/(secalert@redhat.com)
https://www.exploit-db.com/exploits/45938/(secalert@redhat.com)
https://www.exploit-db.com/exploits/46142/(secalert@redhat.com)
https://www.securepatterns.com/2018/10/cve-2018-14665-xorg-x-server.html(secalert@redhat.com)
http://packetstormsecurity.com/files/154942/Xorg-X11-Server-SUID-modulepath-Privilege-Escalation.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/155276/Xorg-X11-Server-Local-Privilege-Escalation.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/105741(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1041948(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:3410(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14665(af854a3a-2127-422b-91ae-364da2661108)
https://gitlab.freedesktop.org/xorg/xserver/commit/50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e(af854a3a-2127-422b-91ae-364da2661108)
https://gitlab.freedesktop.org/xorg/xserver/commit/8a59e3b7dbb30532a7c3769c555e00d7c4301170(af854a3a-2127-422b-91ae-364da2661108)
https://lists.x.org/archives/xorg-announce/2018-October/002927.html(af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/201810-09(af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/3802-1/(af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2018/dsa-4328(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/45697/(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/45742/(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/45832/(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/45908/(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/45922/(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/45938/(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/46142/(af854a3a-2127-422b-91ae-364da2661108)
https://www.securepatterns.com/2018/10/cve-2018-14665-xorg-x-server.html(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.