QwikSec

Security Database

CVE

CWE

Training

CVE-2018-14665

Published: Oct 25, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

exploit

x_refsource_EXPLOIT-DB

[xorg-announce] 20181025 X.Org security advisory: October 25, 2018

mailing-list

x_refsource_MLIST

exploit

x_refsource_EXPLOIT-DB

vendor-advisory

x_refsource_UBUNTU

https://gitlab.freedesktop.org/xorg/xserver/commit/50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e

x_refsource_CONFIRM

exploit

x_refsource_EXPLOIT-DB

vendor-advisory

x_refsource_REDHAT

vdb-entry

x_refsource_BID

exploit

x_refsource_EXPLOIT-DB

https://www.securepatterns.com/2018/10/cve-2018-14665-xorg-x-server.html

x_refsource_MISC

exploit

x_refsource_EXPLOIT-DB

vendor-advisory

x_refsource_GENTOO

vdb-entry

x_refsource_SECTRACK

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14665

x_refsource_CONFIRM

exploit

x_refsource_EXPLOIT-DB

https://gitlab.freedesktop.org/xorg/xserver/commit/8a59e3b7dbb30532a7c3769c555e00d7c4301170

x_refsource_CONFIRM

exploit

x_refsource_EXPLOIT-DB

vendor-advisory

x_refsource_DEBIAN

http://packetstormsecurity.com/files/154942/Xorg-X11-Server-SUID-modulepath-Privilege-Escalation.html

x_refsource_MISC

http://packetstormsecurity.com/files/155276/Xorg-X11-Server-Local-Privilege-Escalation.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.