Welcome!

The kernel problem with recent updates has been solved. Find the solution here

Important information
-- Required MX 15/16 Repository Changes
-- Information on torrent hosting changes
-- Information on MX15/16 GPG Keys
-- Spectre and Meltdown vulnerabilities

News
-- Introducing our new Website
-- MX Linux on social media: here

Current releases
-- MX-18.3 Point Release release info here
-- Migration Information to MX-18 here
-- antiX-17.4.1 release info here

New users
-- Please read this first, and don't forget to add system and hardware information to posts!
-- Here are the Forum Rules

New Privilege Escalation Flaw Affects Most Linux Distributions

Report Bugs, Issues and non- pacakage Requests
Post Reply
User avatar
colin_b
Forum Regular
Forum Regular
Posts: 528
Joined: Sun Mar 19, 2017 7:21 pm

New Privilege Escalation Flaw Affects Most Linux Distributions

#1

Post by colin_b » Sun Oct 28, 2018 9:27 pm

https://thehackernews.com/2018/10/privi ... linux.html

An Indian security researcher has discovered a highly critical flaw in X.Org Server package that impacts OpenBSD and most Linux distributions, including Debian, Ubuntu, CentOS, Red Hat, and Fedora.

...

The flaw, tracked as CVE-2018-14665, was introduced in X.Org server 1.19.0 package that remained undetected for almost two years and could have been exploited by a local attacker on the terminal or via SSH to elevate their privileges on a target system.

The two vulnerable parameters in question are:
  • -modulepath: to set a directory path to search for Xorg server modules,
  • -logfile: to set a new log file for the Xorg server, instead of using the default log file that is located at /var/log/Xorg.n.log on most platforms.
...

Security researcher Matthew Hickey shared an easy to execute proof-of-concept exploit code earlier today on Twitter, saying "An attacker can literally take over impacted systems with 3 commands or less."

User avatar
dolphin_oracle
Forum Veteran
Forum Veteran
Posts: 11558
Joined: Sun Dec 16, 2007 1:17 pm

Re: New Privilege Escalation Flaw Affects Most Linux Distributions

#2

Post by dolphin_oracle » Sun Oct 28, 2018 9:29 pm

http://www.youtube.com/runwiththedolphin
lenovo ThinkPad T530 - MX-18
lenovo s21e - MX-18, antiX-17.3.1 (live-USB)
FYI: mx "test" repo is not the same thing as debian testing repo.


Post Reply

Return to “Bugs and Non-Package Requests Forum”