New Privilege Escalation Flaw Affects Most Linux Distributions

New Privilege Escalation Flaw Affects Most Linux Distributions

#1 Post by colin_b » Sun Oct 28, 2018 9:27 pm

https://thehackernews.com/2018/10/privi ... linux.html

An Indian security researcher has discovered a highly critical flaw in X.Org Server package that impacts OpenBSD and most Linux distributions, including Debian, Ubuntu, CentOS, Red Hat, and Fedora.


The flaw, tracked as CVE-2018-14665, was introduced in X.Org server 1.19.0 package that remained undetected for almost two years and could have been exploited by a local attacker on the terminal or via SSH to elevate their privileges on a target system.

The two vulnerable parameters in question are:
  • -modulepath: to set a directory path to search for Xorg server modules,
  • -logfile: to set a new log file for the Xorg server, instead of using the default log file that is located at /var/log/Xorg.n.log on most platforms.

Security researcher Matthew Hickey shared an easy to execute proof-of-concept exploit code earlier today on Twitter, saying "An attacker can literally take over impacted systems with 3 commands or less."
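
One way to look for use of the two options named above, as an added example that is not part of the original post or the linked article: it pairs auditd SYSCALL and EXECVE records by event id and flags Xorg runs started by a non-root user with effective uid 0 that pass -logfile or -modulepath. The log records, file paths and function names are constructed for illustration, and the check assumes execve auditing is enabled.

```python
import re

# The two options the quoted article names as vulnerable.
RISKY_OPTS = {"-logfile", "-modulepath"}

EVENT_RE = re.compile(r"^type=(\w+) msg=audit\(([\d.]+:\d+)\):\s*(.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed auditd records (not captured from a real system; paths are assumptions).
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1540761000.101:501): arch=c000003e syscall=59 success=yes exit=0 uid=1000 euid=0 comm="Xorg" exe="/usr/lib/xorg/Xorg"
type=EXECVE msg=audit(1540761000.101:501): argc=4 a0="Xorg" a1="-logfile" a2="/tmp/example.log" a3=":1"
type=SYSCALL msg=audit(1540761050.200:502): arch=c000003e syscall=59 success=yes exit=0 uid=0 euid=0 comm="Xorg" exe="/usr/lib/xorg/Xorg"
type=EXECVE msg=audit(1540761050.200:502): argc=4 a0="/usr/lib/xorg/Xorg" a1=":0" a2="-logfile" a3="/var/log/Xorg.0.log"
type=SYSCALL msg=audit(1540761090.300:503): arch=c000003e syscall=59 success=yes exit=0 uid=1001 euid=0 comm="Xorg" exe="/usr/lib/xorg/Xorg"
type=EXECVE msg=audit(1540761090.300:503): argc=3 a0="Xorg" a1="-modulepath" a2="/home/example/mods"
type=SYSCALL msg=audit(1540761120.400:504): arch=c000003e syscall=59 success=yes exit=0 uid=1000 euid=1000 comm="ls" exe="/bin/ls"
type=EXECVE msg=audit(1540761120.400:504): argc=2 a0="ls" a1="-logfile"
"""

def parse_events(text):
    """Group audit records by event id -> {record type: {field: value}}."""
    events = {}
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        rtype, event_id, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(body)}
        events.setdefault(event_id, {})[rtype] = fields
    return events

def suspicious_xorg(text):
    """Return (event id, uid, option, value) for Xorg runs that gained root
    (uid != 0, euid == 0) and passed -logfile or -modulepath."""
    hits = []
    for event_id, recs in parse_events(text).items():
        sc, ex = recs.get("SYSCALL"), recs.get("EXECVE")
        if not sc or not ex or not sc.get("exe", "").endswith("/Xorg"):
            continue
        if sc.get("uid") == "0" or sc.get("euid") != "0":
            continue  # started by root, or never ran with root privileges
        argv = [ex[f"a{i}"] for i in range(int(ex.get("argc", 0))) if f"a{i}" in ex]
        for i, arg in enumerate(argv):
            if arg in RISKY_OPTS:
                value = argv[i + 1] if i + 1 < len(argv) else ""
                hits.append((event_id, sc["uid"], arg, value))
    return hits
```

Calling `suspicious_xorg(SAMPLE_LOG)` reports the two non-root invocations and ignores the root-started server and the unrelated `ls` command.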

Re: New Privilege Escalation Flaw Affects Most Linux Distributions

#2 Post by dolphin_oracle » Sun Oct 28, 2018 9:29 pm

lenovo ThinkPad T530 - MX-17
lenovo s21e & 100s - antiX-17, MX17(live-usb)
FYI: mx "test" repo is not the same thing as debian testing repo.
