VDB
GSD-2018-14665
GSD-2018-14665
PUBLISHED
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
Timeline
- Oct 25, 2018 CVE Published
- Oct 27, 2018 PoC Published
- Oct 29, 2018 PoC Published
- Nov 7, 2018 PoC Published
- Nov 22, 2018 PoC Published
- Nov 25, 2018 PoC Published
- Nov 26, 2018 PoC Published
- Oct 22, 2019 PoC Published
- Nov 11, 2019 PoC Published
- Nov 20, 2019 PoC Published
- Feb 6, 2025 PoC Published
- Feb 23, 2025 PoC Published
References
- [xorg-announce] 20181025 X.Org security advisory: October 25, 2018 mailing-list
- https://gitlab.freedesktop.org/xorg/xserver/commit/50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e url
- 105741 vdb
- https://www.securepatterns.com/2018/10/cve-2018-14665-xorg-x-server.html url
- 1041948 vdb
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14665 url
- https://gitlab.freedesktop.org/xorg/xserver/commit/8a59e3b7dbb30532a7c3769c555e00d7c4301170 url
- 45742 exploit
- 45922 exploit
- USN-3802-1 advisory
- 45697 exploit
- RHSA-2018:3410 advisory
- 45908 exploit
- 46142 exploit
- GLSA-201810-09 advisory
- 45832 exploit
- 45938 exploit
- DSA-4328 advisory
- http://packetstormsecurity.com/files/154942/Xorg-X11-Server-SUID-modulepath-Privilege-Escalation.html exploit
- http://packetstormsecurity.com/files/155276/Xorg-X11-Server-Local-Privilege-Escalation.html exploit