CVE - CVE-2018-14665

CVE-ID
CVE-2018-14665	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:105741 URL:http://www.securityfocus.com/bid/105741 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14665 CONFIRM:https://gitlab.freedesktop.org/xorg/xserver/commit/50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e CONFIRM:https://gitlab.freedesktop.org/xorg/xserver/commit/8a59e3b7dbb30532a7c3769c555e00d7c4301170 DEBIAN:DSA-4328 URL:https://www.debian.org/security/2018/dsa-4328 EXPLOIT-DB:45697 URL:https://www.exploit-db.com/exploits/45697/ EXPLOIT-DB:45742 URL:https://www.exploit-db.com/exploits/45742/ EXPLOIT-DB:45832 URL:https://www.exploit-db.com/exploits/45832/ EXPLOIT-DB:45908 URL:https://www.exploit-db.com/exploits/45908/ EXPLOIT-DB:45922 URL:https://www.exploit-db.com/exploits/45922/ EXPLOIT-DB:45938 URL:https://www.exploit-db.com/exploits/45938/ EXPLOIT-DB:46142 URL:https://www.exploit-db.com/exploits/46142/ GENTOO:GLSA-201810-09 URL:https://security.gentoo.org/glsa/201810-09 MISC:http://packetstormsecurity.com/files/154942/Xorg-X11-Server-SUID-modulepath-Privilege-Escalation.html MISC:http://packetstormsecurity.com/files/155276/Xorg-X11-Server-Local-Privilege-Escalation.html MISC:https://www.securepatterns.com/2018/10/cve-2018-14665-xorg-x-server.html MLIST:[xorg-announce] 20181025 X.Org security advisory: October 25, 2018 URL:https://lists.x.org/archives/xorg-announce/2018-October/002927.html REDHAT:RHSA-2018:3410 URL:https://access.redhat.com/errata/RHSA-2018:3410 SECTRACK:1041948 URL:http://www.securitytracker.com/id/1041948 UBUNTU:USN-3802-1 URL:https://usn.ubuntu.com/3802-1/
Assigning CNA
Red Hat, Inc.
Date Record Created
20180727	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20180727)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)