CVE-2018-14665 — Vulnetix

Try Vulnetix Request Demo

CVE-2018-14665 PUBLISHED

A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.

EPSS 12.08% · 93.7th percentile

Risk Scores

EPSS Score

12.08%

93.7th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:16.04:LTS	xorg-server-hwe-16.04	0, 2:1.18.4-1ubuntu6.1~16.04.1, 2:1.18.4-1ubuntu6.1~16.04.2
Ubuntu:18.04:LTS	xorg-server	0, 2:1.19.5-0ubuntu2, 2:1.19.6-1ubuntu1

Timeline

Jan 18, 1970 VulnCheck XDB Entry
Jan 18, 1970 VulnCheck XDB Entry
Oct 25, 2018 CVE Published
Oct 26, 2018 PoC Published
Oct 29, 2018 PoC Published
Oct 30, 2018 PoC Published
Nov 13, 2018 PoC Published
Nov 22, 2018 PoC Published
Nov 25, 2018 PoC Published
Nov 26, 2018 PoC Published
Dec 1, 2018 PoC Published
Dec 4, 2018 PoC Published

References

https://ubuntu.com/security/CVE-2018-14665 third-party-advisory
https://lists.x.org/archives/xorg-announce/2018-October/002927.html third-party-advisory
https://ubuntu.com/security/notices/USN-3802-1 vendor-advisory
https://www.cve.org/CVERecord?id=CVE-2018-14665 third-party-advisory

Open in Interactive Console →