New Privilege Escalation Flaw Affects Most Linux Distributions

colin_b

#1 Post by colin_b »

https://thehackernews.com/2018/10/privi ... linux.html

An Indian security researcher has discovered a highly critical flaw in the X.Org Server package that impacts OpenBSD and most Linux distributions, including Debian, Ubuntu, CentOS, Red Hat, and Fedora.

...

The flaw, tracked as CVE-2018-14665, was introduced in X.Org server 1.19.0 package that remained undetected for almost two years and could have been exploited by a local attacker on the terminal or via SSH to elevate their privileges on a target system.

The two vulnerable parameters in question are:
  • -modulepath: to set a directory path to search for Xorg server modules,
  • -logfile: to set a new log file for the Xorg server, instead of using the default log file that is located at /var/log/Xorg.n.log on most platforms.
...

Security researcher Matthew Hickey shared an easy-to-execute proof-of-concept exploit code earlier today on Twitter, saying "An attacker can literally take over impacted systems with 3 commands or less."
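
The two options quoted above give defenders something concrete to look for in process-execution logs. The following Python sketch is an added example, not part of the original post or the quoted article; the tab-separated `uid<TAB>command line` record format, the binary names and the sample records are constructed assumptions.

```python
import shlex

RISKY_OPTS = {"-logfile", "-modulepath"}   # the two options named in the post
XORG_NAMES = {"X", "Xorg"}                 # assumption: usual server binary names

def flag_xorg_exec(uid, cmdline):
    """Return [(option, value)] when a non-root uid starts Xorg with a risky option."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:                     # unbalanced quotes: fall back to naive split
        argv = cmdline.split()
    if uid == 0 or not argv or argv[0].rsplit("/", 1)[-1] not in XORG_NAMES:
        return []                          # assumption: root-started servers are expected
    hits = []
    for i, arg in enumerate(argv[1:], start=1):
        if arg in RISKY_OPTS:
            value = argv[i + 1] if i + 1 < len(argv) else None
            hits.append((arg, value))
    return hits

def scan(records):
    """Scan 'uid<TAB>cmdline' lines; return (line_no, uid, option, value) findings."""
    findings = []
    for line_no, line in enumerate(records.splitlines(), start=1):
        uid_s, sep, cmd = line.partition("\t")
        if not sep or not uid_s.isdigit():
            continue                       # skip malformed records
        for opt, val in flag_xorg_exec(int(uid_s), cmd):
            findings.append((line_no, int(uid_s), opt, val))
    return findings

# Constructed sample records (not real logs).
SAMPLE = (
    "0\t/usr/lib/xorg/Xorg -logfile /var/log/Xorg.0.log :0\n"
    "1000\t/usr/bin/Xorg :1 -logfile /home/alice/x.log\n"
    "1000\t/usr/bin/xterm -e top\n"
    "1001\tXorg -modulepath /home/bob/mods :2\n"
    "garbage line without a tab\n"
    "1000\t/usr/bin/Xorg :0 vt7\n"
)

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print("line %d: uid %d ran Xorg with %s %s" % finding)
```

Records 2 and 4 of the sample are flagged; the root-started server, the unrelated process and the malformed line are ignored.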

dolphin_oracle
Developer

Re: New Privilege Escalation Flaw Affects Most Linux Distributions

#2 Post by dolphin_oracle »

http://www.youtube.com/runwiththedolphin
lenovo ThinkPad X1 Extreme Gen 4 - MX-23
FYI: mx "test" repo is not the same thing as debian testing repo.

