TROYANOSYVIRUS
Voltar para CVEs

CVE-2018-14665

N/A

Descricao

A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.

Detalhes CVE

Pontuacao CVSS v3.1N/A
Publicado10/25/2018
Ultima modificacao8/29/2025
Fontenvd
Avistamentos honeypot0

Produtos afetados

canonical:ubuntu_linuxdebian:debian_linuxredhat:enterprise_linux_desktopredhat:enterprise_linux_serverredhat:enterprise_linux_server_ausredhat:enterprise_linux_server_eusredhat:enterprise_linux_server_tusredhat:enterprise_linux_workstationx.org:x_server

Fraquezas (CWE)

CWE-863

Referencias

http://packetstormsecurity.com/files/154942/Xorg-X11-Server-SUID-modulepath-Privilege-Escalation.html(secalert@redhat.com)
http://packetstormsecurity.com/files/155276/Xorg-X11-Server-Local-Privilege-Escalation.html(secalert@redhat.com)
http://www.securityfocus.com/bid/105741(secalert@redhat.com)
http://www.securitytracker.com/id/1041948(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2018:3410(secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14665(secalert@redhat.com)
https://gitlab.freedesktop.org/xorg/xserver/commit/50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e(secalert@redhat.com)
https://gitlab.freedesktop.org/xorg/xserver/commit/8a59e3b7dbb30532a7c3769c555e00d7c4301170(secalert@redhat.com)
https://lists.x.org/archives/xorg-announce/2018-October/002927.html(secalert@redhat.com)
https://security.gentoo.org/glsa/201810-09(secalert@redhat.com)
https://usn.ubuntu.com/3802-1/(secalert@redhat.com)
https://www.debian.org/security/2018/dsa-4328(secalert@redhat.com)
https://www.exploit-db.com/exploits/45697/(secalert@redhat.com)
https://www.exploit-db.com/exploits/45742/(secalert@redhat.com)
https://www.exploit-db.com/exploits/45832/(secalert@redhat.com)
https://www.exploit-db.com/exploits/45908/(secalert@redhat.com)
https://www.exploit-db.com/exploits/45922/(secalert@redhat.com)
https://www.exploit-db.com/exploits/45938/(secalert@redhat.com)
https://www.exploit-db.com/exploits/46142/(secalert@redhat.com)
https://www.securepatterns.com/2018/10/cve-2018-14665-xorg-x-server.html(secalert@redhat.com)
http://packetstormsecurity.com/files/154942/Xorg-X11-Server-SUID-modulepath-Privilege-Escalation.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/155276/Xorg-X11-Server-Local-Privilege-Escalation.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/105741(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1041948(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:3410(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14665(af854a3a-2127-422b-91ae-364da2661108)
https://gitlab.freedesktop.org/xorg/xserver/commit/50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e(af854a3a-2127-422b-91ae-364da2661108)
https://gitlab.freedesktop.org/xorg/xserver/commit/8a59e3b7dbb30532a7c3769c555e00d7c4301170(af854a3a-2127-422b-91ae-364da2661108)
https://lists.x.org/archives/xorg-announce/2018-October/002927.html(af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/201810-09(af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/3802-1/(af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2018/dsa-4328(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/45697/(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/45742/(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/45832/(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/45908/(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/45922/(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/45938/(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/46142/(af854a3a-2127-422b-91ae-364da2661108)
https://www.securepatterns.com/2018/10/cve-2018-14665-xorg-x-server.html(af854a3a-2127-422b-91ae-364da2661108)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.