TROYANOSYVIRUS
Retour aux CVEs

CVE-2018-14665

N/A

Description

A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.

Details CVE

Score CVSS v3.1N/A
Publie10/25/2018
Derniere modification8/29/2025
Sourcenvd
Observations honeypot0

Produits affectes

canonical:ubuntu_linuxdebian:debian_linuxredhat:enterprise_linux_desktopredhat:enterprise_linux_serverredhat:enterprise_linux_server_ausredhat:enterprise_linux_server_eusredhat:enterprise_linux_server_tusredhat:enterprise_linux_workstationx.org:x_server

Faiblesses (CWE)

CWE-863

References

http://packetstormsecurity.com/files/154942/Xorg-X11-Server-SUID-modulepath-Privilege-Escalation.html(secalert@redhat.com)
http://packetstormsecurity.com/files/155276/Xorg-X11-Server-Local-Privilege-Escalation.html(secalert@redhat.com)
http://www.securityfocus.com/bid/105741(secalert@redhat.com)
http://www.securitytracker.com/id/1041948(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2018:3410(secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14665(secalert@redhat.com)
https://gitlab.freedesktop.org/xorg/xserver/commit/50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e(secalert@redhat.com)
https://gitlab.freedesktop.org/xorg/xserver/commit/8a59e3b7dbb30532a7c3769c555e00d7c4301170(secalert@redhat.com)
https://lists.x.org/archives/xorg-announce/2018-October/002927.html(secalert@redhat.com)
https://security.gentoo.org/glsa/201810-09(secalert@redhat.com)
https://usn.ubuntu.com/3802-1/(secalert@redhat.com)
https://www.debian.org/security/2018/dsa-4328(secalert@redhat.com)
https://www.exploit-db.com/exploits/45697/(secalert@redhat.com)
https://www.exploit-db.com/exploits/45742/(secalert@redhat.com)
https://www.exploit-db.com/exploits/45832/(secalert@redhat.com)
https://www.exploit-db.com/exploits/45908/(secalert@redhat.com)
https://www.exploit-db.com/exploits/45922/(secalert@redhat.com)
https://www.exploit-db.com/exploits/45938/(secalert@redhat.com)
https://www.exploit-db.com/exploits/46142/(secalert@redhat.com)
https://www.securepatterns.com/2018/10/cve-2018-14665-xorg-x-server.html(secalert@redhat.com)
http://packetstormsecurity.com/files/154942/Xorg-X11-Server-SUID-modulepath-Privilege-Escalation.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/155276/Xorg-X11-Server-Local-Privilege-Escalation.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/105741(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1041948(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:3410(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14665(af854a3a-2127-422b-91ae-364da2661108)
https://gitlab.freedesktop.org/xorg/xserver/commit/50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e(af854a3a-2127-422b-91ae-364da2661108)
https://gitlab.freedesktop.org/xorg/xserver/commit/8a59e3b7dbb30532a7c3769c555e00d7c4301170(af854a3a-2127-422b-91ae-364da2661108)
https://lists.x.org/archives/xorg-announce/2018-October/002927.html(af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/201810-09(af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/3802-1/(af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2018/dsa-4328(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/45697/(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/45742/(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/45832/(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/45908/(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/45922/(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/45938/(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/46142/(af854a3a-2127-422b-91ae-364da2661108)
https://www.securepatterns.com/2018/10/cve-2018-14665-xorg-x-server.html(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.