Linux and BSD systems face a critical risk from a newly found vulnerability in Xorg, the main display server used to provide the graphics engine. The issue is tracked as CVE-2018-14665 and is related to an incorrect permission check.
CVE-2018-14665: The Xorg Vulnerability Affects Almost all Linux and BSD Users
A security announcement revealed a dangerous bug in Xorg, one of the most important components of a typical Linux or BSD system. Xorg is the preferred display server for these systems and provides the graphics stack used by desktop environments and window managers. In practice, the only cases where it is not used are systems running an alternative solution (such as Ubuntu’s Mir) or console-only installations, commonly servers and IoT devices. The dangerous consequence is that the demonstrated proof-of-concept allows hackers to hijack target computers with three simple commands. A post on Twitter gives further details and a link to the exploit code.
OpenBSD #0day Xorg LPE via CVE-2018-14665 can be triggered from a remote SSH session, does not need to be on a local console. An attacker can literally take over impacted systems with 3 commands or less. exploit https://t.co/3FqgJPeCvO 🙄 pic.twitter.com/8HCBXwBj5M
— Hacker Fantastic (@hackerfantastic) October 25, 2018
The Xorg vulnerability has been assigned CVE-2018-14665, and the advisory reads as follows:
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges (Read more...)
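As an added example (not code from the advisory, the X.Org project or the original post), the shell functions below triage a host against the conditions quoted above: they compare the installed server version with 1.20.3 and flag non-root processes that start the X server with -logfile or -modulepath. The function names, the --triage switch and the setuid-bit check are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the advisory or the X.Org project.
FIXED_VERSION="1.20.3"   # advisory text: "xorg-x11-server before 1.20.3"

# Extract the version from `Xorg -version` output ("X.Org X Server 1.20.1").
xorg_version() {
    printf '%s\n' "$1" |
        sed -n 's/^X\.Org X Server \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Succeed if dotted version $1 is strictly lower than $2 (numeric per field).
version_lt() {
    if [ "$1" = "$2" ]; then return 1; fi
    lowest=$(printf '%s\n%s\n' "$1" "$2" |
        sort -t. -k1,1n -k2,2n -k3,3n -k4,4n | head -n 1)
    [ "$lowest" = "$1" ]
}

# Succeed if uid $1 is not root and command line $2 starts the X server with
# one of the two options named in the advisory. A hunting heuristic only.
suspicious_invocation() {
    if [ "$1" = "0" ]; then return 1; fi
    prog=${2%% *}
    case "${prog##*/}" in
        Xorg|X) ;;
        *) return 1 ;;
    esac
    case " $2 " in
        *" -logfile "*|*" -modulepath "*) return 0 ;;
    esac
    return 1
}

# Report on the local host: installed version, setuid bit, live processes.
triage_host() {
    bin=$(command -v Xorg) || { echo "Xorg not found in PATH"; return 0; }
    ver=$(xorg_version "$("$bin" -version 2>&1)")
    if [ -n "$ver" ] && version_lt "$ver" "$FIXED_VERSION"; then
        echo "Xorg $ver predates $FIXED_VERSION: update"
    fi
    # Assumption: escalation needs the server to run with root privileges.
    if [ -u "$bin" ]; then echo "$bin has the setuid bit set"; fi
    ps -eo uid=,args= | while read -r uid args; do
        if suspicious_invocation "$uid" "$args"; then echo "review: $uid $args"; fi
    done
}

# "--triage" is this example's own switch; without it only functions load.
if [ "${1:-}" = "--triage" ]; then triage_host; fi
```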
*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum | SensorsTechForum.com authored by Martin Beltov. Read the original post at: https://sensorstechforum.com/cve-2018-14665-xorg-linux-bsd-systems/