https://thehackernews.com/2018/10/privi ... linux.html
An Indian security researcher has discovered a highly critical flaw in the X.Org Server package that impacts OpenBSD and most Linux distributions, including Debian, Ubuntu, CentOS, Red Hat, and Fedora.
...
The flaw, tracked as CVE-2018-14665, was introduced in the X.Org server 1.19.0 package, remained undetected for almost two years, and could have been exploited by a local attacker on the terminal or via SSH to elevate their privileges on a target system.
The two vulnerable parameters in question are:
- -modulepath: to set a directory path to search for Xorg server modules,
...
- -logfile: to set a new log file for the Xorg server, instead of using the default log file that is located at /var/log/Xorg.n.log on most platforms.
Security researcher Matthew Hickey shared an easy-to-execute proof-of-concept exploit code earlier today on Twitter, saying "An attacker can literally take over impacted systems with 3 commands or less."
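A detection-side illustration of the two options quoted above, added here as an example and not part of the original post or the article: it scans Linux auditd execve records and reports Xorg launches by non-root users that pass -logfile or -modulepath. The record layout, the binary names Xorg and X, and the sample records are assumptions constructed for the example.

```python
import re
from collections import defaultdict

# The two options the article names as vulnerable.
RISKY_OPTS = {"-logfile", "-modulepath"}
# Assumed binary names for the X.Org server; adjust per distribution.
XORG_NAMES = {"Xorg", "X"}
EVENT_RE = re.compile(r"^type=(\w+) msg=audit\([\d.]+:(\d+)\): (.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_events(lines):
    """Group SYSCALL and EXECVE records by audit event id."""
    events = defaultdict(dict)
    for line in lines:
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        rtype, eid, rest = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(rest)}
        events[eid][rtype] = fields
    return events

def suspicious_xorg_execs(lines):
    """Return (event id, uid, argv) for non-root Xorg runs using a risky option."""
    hits = []
    for eid, recs in parse_events(lines).items():
        sc, ex = recs.get("SYSCALL"), recs.get("EXECVE")
        if not sc or not ex:
            continue
        argv = [ex[f"a{i}"] for i in range(int(ex.get("argc", 0))) if f"a{i}" in ex]
        is_xorg = sc.get("exe", "").rsplit("/", 1)[-1] in XORG_NAMES
        if is_xorg and sc.get("uid") != "0" and RISKY_OPTS & set(argv):
            hits.append((eid, int(sc["uid"]), argv))
    return hits

# Constructed sample records (not from a real system).
SAMPLE = """\
type=SYSCALL msg=audit(1540512000.101:812): arch=c000003e syscall=59 success=yes uid=1000 euid=0 comm="Xorg" exe="/usr/bin/Xorg"
type=EXECVE msg=audit(1540512000.101:812): argc=4 a0="Xorg" a1="-logfile" a2="/tmp/example.log" a3=":1"
type=SYSCALL msg=audit(1540512050.220:813): arch=c000003e syscall=59 success=yes uid=0 euid=0 comm="Xorg" exe="/usr/bin/Xorg"
type=EXECVE msg=audit(1540512050.220:813): argc=3 a0="Xorg" a1="-logfile" a2="/var/log/Xorg.0.log"
type=SYSCALL msg=audit(1540512090.007:814): arch=c000003e syscall=59 success=yes uid=1001 euid=0 comm="Xorg" exe="/usr/bin/Xorg"
type=EXECVE msg=audit(1540512090.007:814): argc=3 a0="Xorg" a1=":2" a2="vt7"
""".splitlines()

if __name__ == "__main__":
    for eid, uid, argv in suspicious_xorg_execs(SAMPLE):
        print(f"event {eid}: uid {uid} ran {' '.join(argv)}")
```

Only the first sample event is reported; the root-owned launch and the non-root launch without either option are ignored.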
New Privilege Escalation Flaw Affects Most Linux Distributions
- dolphin_oracle
Re: New Privilege Escalation Flaw Affects Most Linux Distributions
http://www.youtube.com/runwiththedolphin
lenovo ThinkPad X1 Extreme Gen 4 - MX-23
FYI: mx "test" repo is not the same thing as debian testing repo.