Vulnerability Details : CVE-2018-14665
Public exploit exists!
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for the -modulepath and -logfile options when starting the Xorg X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.
Products affected by CVE-2018-14665
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
- cpe:2.3:a:x.org:xorg-server:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-14665
- EPSS score: 4.11% (probability of exploitation activity in the next 30 days)
- Percentile: ~92% (the proportion of vulnerabilities that are scored at or less)
Metasploit modules for CVE-2018-14665
- Xorg X11 Server SUID modulepath Privilege Escalation
  Disclosure Date: 2018-10-25
  First seen: 2020-04-26
  exploit/multi/local/xorg_x11_suid_server_modulepath
  This module attempts to gain root privileges with SUID Xorg X11 server versions 1.19.0 < 1.20.3. A permission check flaw exists for -modulepath and -logfile options when starting Xorg. This allows unprivileged users that can start the server the a
- Xorg X11 Server SUID logfile Privilege Escalation
  Disclosure Date: 2018-10-25
  First seen: 2020-04-26
  exploit/multi/local/xorg_x11_suid_server
  This module attempts to gain root privileges with SUID Xorg X11 server versions 1.19.0 < 1.20.3. A permission check flaw exists for -modulepath and -logfile options when starting Xorg. This allows unprivileged users that can start the server the ab
- Xorg X11 Server Local Privilege Escalation
  Disclosure Date: 2018-10-25
  First seen: 2020-04-26
  exploit/aix/local/xorg_x11_server
  WARNING: Successful execution of this module results in /etc/passwd being overwritten. This module is a port of the OpenBSD X11 Xorg exploit to run on AIX. A permission check flaw exists for -modulepath and -logfile options when starting Xorg. This allows unprivil
CVSS scores for CVE-2018-14665
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST | |
6.6 | MEDIUM | CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 0.7 | 5.9 | NIST | |
CWE ids for CVE-2018-14665
- The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-14665
- https://security.gentoo.org/glsa/201810-09
  X.Org X Server: Privilege escalation (GLSA 201810-09) — Gentoo security
  Third Party Advisory
- https://gitlab.freedesktop.org/xorg/xserver/commit/8a59e3b7dbb30532a7c3769c555e00d7c4301170
  Disable -logfile and -modulepath when running with elevated privileges (8a59e3b7) · Commits · xorg / xserver · GitLab
  Patch; Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14665
  1637761 – (CVE-2018-14665) CVE-2018-14665 xorg-x11-server: Incorrect permission check in Xorg X server allows for privilege escalation
  Issue Tracking; Patch; Third Party Advisory
- https://www.exploit-db.com/exploits/45832/
  xorg-x11-server < 1.20.1 - Local Privilege Escalation
  Exploit; Third Party Advisory; VDB Entry
- https://access.redhat.com/errata/RHSA-2018:3410
  RHSA-2018:3410 - Security Advisory - Red Hat Customer Portal
  Third Party Advisory
- http://packetstormsecurity.com/files/154942/Xorg-X11-Server-SUID-modulepath-Privilege-Escalation.html
  Xorg X11 Server SUID modulepath Privilege Escalation ≈ Packet Storm
- https://usn.ubuntu.com/3802-1/
  USN-3802-1: X.Org X server vulnerability | Ubuntu security notices
  Third Party Advisory
- https://www.exploit-db.com/exploits/46142/
  xorg-x11-server < 1.20.3 (Solaris 11) - 'inittab Local Privilege Escalation
  Exploit; Third Party Advisory; VDB Entry
- https://www.securepatterns.com/2018/10/cve-2018-14665-xorg-x-server.html
  Software [in] Security: CVE-2018-14665 : Xorg X Server Vulnerabilities
  Exploit; Third Party Advisory
- https://www.debian.org/security/2018/dsa-4328
  Debian -- Security Information -- DSA-4328-1 xorg-server
  Third Party Advisory
- http://packetstormsecurity.com/files/155276/Xorg-X11-Server-Local-Privilege-Escalation.html
  Xorg X11 Server Local Privilege Escalation ≈ Packet Storm
- https://www.exploit-db.com/exploits/45922/
  xorg-x11-server < 1.20.3 - 'modulepath' Local Privilege Escalation
  Exploit; Third Party Advisory; VDB Entry
- https://www.exploit-db.com/exploits/45938/
  Xorg X11 Server (AIX) - Local Privilege Escalation
  Exploit; Third Party Advisory; VDB Entry
- http://www.securityfocus.com/bid/105741
  X.Org X Server CVE-2018-14665 Multiple Local Privilege Escalation Vulnerability
  Third Party Advisory; VDB Entry
- https://gitlab.freedesktop.org/xorg/xserver/commit/50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e
  Disable -logfile and -modulepath when running with elevated privileges (50c0cf88) · Commits · xorg / xserver · GitLab
  Patch; Third Party Advisory
- https://lists.x.org/archives/xorg-announce/2018-October/002927.html
  X.Org security advisory: October 25, 2018
  Mitigation; Patch; Vendor Advisory
- https://www.exploit-db.com/exploits/45742/
  xorg-x11-server 1.20.3 - Privilege Escalation
  Exploit; Third Party Advisory; VDB Entry
- https://www.exploit-db.com/exploits/45697/
  xorg-x11-server < 1.20.3 - Local Privilege Escalation
  Exploit; Third Party Advisory; VDB Entry
- http://www.securitytracker.com/id/1041948
  X.Org Command Line Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges and Delete Arbitrary Files - SecurityTracker
  Third Party Advisory; VDB Entry
- https://www.exploit-db.com/exploits/45908/
  Xorg X11 Server - SUID privilege escalation (Metasploit)
  Exploit; Third Party Advisory; VDB Entry