TROYANOSYVIRUS
Back to CVEs

CVE-2018-14665

N/A

Description

A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.

CVE Details

CVSS v3.1 ScoreN/A
Published10/25/2018
Last Modified8/29/2025
Sourcenvd
Honeypot Sightings0

Affected Products

canonical:ubuntu_linuxdebian:debian_linuxredhat:enterprise_linux_desktopredhat:enterprise_linux_serverredhat:enterprise_linux_server_ausredhat:enterprise_linux_server_eusredhat:enterprise_linux_server_tusredhat:enterprise_linux_workstationx.org:x_server

Weaknesses (CWE)

CWE-863

References

http://packetstormsecurity.com/files/154942/Xorg-X11-Server-SUID-modulepath-Privilege-Escalation.html(secalert@redhat.com)
http://packetstormsecurity.com/files/155276/Xorg-X11-Server-Local-Privilege-Escalation.html(secalert@redhat.com)
http://www.securityfocus.com/bid/105741(secalert@redhat.com)
http://www.securitytracker.com/id/1041948(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2018:3410(secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14665(secalert@redhat.com)
https://gitlab.freedesktop.org/xorg/xserver/commit/50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e(secalert@redhat.com)
https://gitlab.freedesktop.org/xorg/xserver/commit/8a59e3b7dbb30532a7c3769c555e00d7c4301170(secalert@redhat.com)
https://lists.x.org/archives/xorg-announce/2018-October/002927.html(secalert@redhat.com)
https://security.gentoo.org/glsa/201810-09(secalert@redhat.com)
https://usn.ubuntu.com/3802-1/(secalert@redhat.com)
https://www.debian.org/security/2018/dsa-4328(secalert@redhat.com)
https://www.exploit-db.com/exploits/45697/(secalert@redhat.com)
https://www.exploit-db.com/exploits/45742/(secalert@redhat.com)
https://www.exploit-db.com/exploits/45832/(secalert@redhat.com)
https://www.exploit-db.com/exploits/45908/(secalert@redhat.com)
https://www.exploit-db.com/exploits/45922/(secalert@redhat.com)
https://www.exploit-db.com/exploits/45938/(secalert@redhat.com)
https://www.exploit-db.com/exploits/46142/(secalert@redhat.com)
https://www.securepatterns.com/2018/10/cve-2018-14665-xorg-x-server.html(secalert@redhat.com)
http://packetstormsecurity.com/files/154942/Xorg-X11-Server-SUID-modulepath-Privilege-Escalation.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/155276/Xorg-X11-Server-Local-Privilege-Escalation.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/105741(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1041948(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:3410(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14665(af854a3a-2127-422b-91ae-364da2661108)
https://gitlab.freedesktop.org/xorg/xserver/commit/50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e(af854a3a-2127-422b-91ae-364da2661108)
https://gitlab.freedesktop.org/xorg/xserver/commit/8a59e3b7dbb30532a7c3769c555e00d7c4301170(af854a3a-2127-422b-91ae-364da2661108)
https://lists.x.org/archives/xorg-announce/2018-October/002927.html(af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/201810-09(af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/3802-1/(af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2018/dsa-4328(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/45697/(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/45742/(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/45832/(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/45908/(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/45922/(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/45938/(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/46142/(af854a3a-2127-422b-91ae-364da2661108)
https://www.securepatterns.com/2018/10/cve-2018-14665-xorg-x-server.html(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.