VDB
CVE-2018-14665
CVE-2018-14665
PUBLISHED
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.
EPSS 16.03% · 94.9th percentile
Risk Scores
EPSS Score
16.03%
94.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | xorg-server-hwe-16.04 | *, 2:1.18.4-1ubuntu6.1~16.04.1, 2:1.19.3-1ubuntu1~16.04.2 |
| Ubuntu:18.04:LTS | xorg-server | 2:1.19.5-0ubuntu2, 2:1.19.6-1ubuntu1, 2:1.19.6-1ubuntu2 |
Exploit Intelligence
- bolonobolo/CVE-2018-14665 (github-poc-repo)
- bolonobolo/CVE-2018-14665 (github-poc-repo)
- bolonobolo/CVE-2018-14665 (github-poc-repo)
- bolonobolo/CVE-2018-14665 (github-poc-repo)
- bolonobolo/CVE-2018-14665 (github-poc-repo)
- bolonobolo/CVE-2018-14665 (github-poc-repo)
- bolonobolo/CVE-2018-14665 (github-poc-repo)
- bolonobolo/CVE-2018-14665 (github-poc)
- bolonobolo/CVE-2018-14665 (github-poc)
- bolonobolo/CVE-2018-14665 (github-poc)
…and 66 more exploits
Timeline
- Jan 18, 1970 VulnCheck XDB Entry
- Jan 18, 1970 VulnCheck XDB Entry
- Oct 25, 2018 CVE Published
- Oct 26, 2018 PoC Published
- Oct 29, 2018 PoC Published
- Oct 30, 2018 PoC Published
- Nov 13, 2018 PoC Published
- Nov 22, 2018 PoC Published
- Nov 25, 2018 PoC Published
- Nov 26, 2018 PoC Published
- Dec 1, 2018 PoC Published
- Dec 4, 2018 PoC Published
References
- https://ubuntu.com/security/CVE-2018-14665 third-party-advisory
- https://lists.x.org/archives/xorg-announce/2018-October/002927.html third-party-advisory
- https://ubuntu.com/security/notices/USN-3802-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2018-14665 third-party-advisory