New Privilege Escalation Flaw Affects Most Linux Distributions

An Indian security researcher has discovered a highly critical flaw in the X.Org Server package that impacts OpenBSD and most Linux distributions, including Debian, Ubuntu, CentOS, Red Hat, and Fedora.

Xorg X server is a popular open-source implementation of the X11 system (display server) that offers a graphical environment to a wider range of hardware and OS platforms. It serves as an intermediary between client and user applications to manage graphical displays.

According to a blog post published by software security engineer Narendra Shinde, Xorg X server doesn't correctly handle and validate arguments for at least two command-line parameters, allowing a low-privileged user to execute malicious code and overwrite any file, including files owned by privileged users like root.

The flaw, tracked as CVE-2018-14665, was introduced in the X.Org server 1.19.0 package, remained undetected for almost two years, and could have been exploited by a local attacker on the terminal or via SSH to elevate their privileges on a target system.

The two vulnerable parameters in question are:
  • -modulepath: to set a directory path to search for Xorg server modules,
  • -logfile: to set a new log file for the Xorg server, instead of using the default log file that is located at /var/log/Xorg.n.log on most platforms.

"When the X server is running with elevated privileges (i.e., when Xorg is installed with the setuid bit set and started by a non-root user)." the Xorg advisory says. "The -modulepath argument can be used to specify an insecure path to modules that are going to be loaded in the X server, allowing to execute unprivileged code in the privileged process."

"An incorrect permission check for -modulepath and -logfile options when starting Xorg X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges." Red Hat advisory says.

Security researcher Matthew Hickey shared an easy-to-execute proof-of-concept exploit code earlier today on Twitter, saying "An attacker can literally take over impacted systems with three commands or less."

The X.Org foundation has now released X.Org Server version 1.20.3 with security patches to address the issue.

Popular distributions like OpenBSD, Debian, Ubuntu, CentOS, Red Hat, and Fedora have published their advisories to confirm the issue and are working on the patch updates.
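
A defender-side check for the two conditions described above (an Xorg binary that is setuid root, and an upstream version from 1.19.0 up to but not including 1.20.3), as an added example that is not code from the X.Org advisory or the researchers. The candidate binary paths and the format of the `-version` output are assumptions.

```shell
#!/bin/sh
# Added example (not from the X.Org or vendor advisories): flag Xorg binaries
# that are setuid root AND report an upstream version in the range the
# article gives for CVE-2018-14665: introduced in 1.19.0, fixed in 1.20.3.

# in_affected_range VERSION -> exit 0 if 1.19.0 <= VERSION < 1.20.3,
# 1 if outside that range, 2 if VERSION cannot be parsed.
in_affected_range() {
    awk -v v="$1" 'BEGIN {
        n = split(v, p, ".")
        if (n < 2 || p[1] !~ /^[0-9]+$/ || p[2] !~ /^[0-9]+/) exit 2
        x = p[1] * 1000000 + p[2] * 1000 + (p[3] + 0)
        exit !(x >= 1019000 && x < 1020003)
    }'
}

# classify VERSION SETUID(0|1) OWNER_UID -> prints one verdict word.
classify() {
    rc=0; in_affected_range "$1" || rc=$?
    case $rc in
        2) echo unknown-version; return ;;
        1) echo not-affected;    return ;;
    esac
    # Precondition from the advisory: Xorg runs with elevated privileges,
    # i.e. the setuid bit is set and a non-root user can start it.
    if [ "$2" = 1 ] && [ "$3" = 0 ]; then echo vulnerable
    else echo affected-version-not-setuid-root; fi
}

# check_binary PATH -> reads mode, owner and version from a real file.
check_binary() {
    [ -f "$1" ] || { echo missing; return; }
    suid=0; [ -u "$1" ] && suid=1
    uid=$(ls -lnL "$1" | awk '{ print $3 }')
    # Assumption: "-version" prints a line "X.Org X Server <version>".
    ver=$("$1" -version 2>&1 | sed -n 's/^X\.Org X Server \([0-9.]*\).*/\1/p')
    classify "$ver" "$suid" "$uid"
}

# Candidate paths are assumptions; pass your distribution's paths as arguments.
[ $# -gt 0 ] || set -- /usr/bin/Xorg /usr/lib/xorg/Xorg /usr/libexec/Xorg
for f in "$@"; do printf '%s: %s\n' "$f" "$(check_binary "$f")"; done
```

Distributions can backport a fix without changing the upstream version string, so a `vulnerable` verdict should be confirmed against the vendor advisory for the installed package.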