Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-14665 — Incorrect Authorization in X Server

CWE-863 — Incorrect Authorization CWE-271 — Privilege Dropping / Lowering Errors20 documents11 sources

Severity

6.6MEDIUMNVD

EPSS

8.9%

top 7.39%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

X.org Xorg-server X.org X Server Canonical Ubuntu Linux +7 more

Timeline

PublishedOct 25

Latest updateMay 13

Description

A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.

CVSS vector

CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 0.7 | Impact: 5.9

Affected Packages5 packages

▶Debianx.org/xorg-server< 2:1.20.3-1+3

▶NVDx.org/x_server< 1.20.3

▶NVDredhat/enterprise_linux_server7.0

▶NVDredhat/enterprise_linux_desktop7.0

▶NVDredhat/enterprise_linux_workstation7.0

Also affects: Debian Linux 9.0, Ubuntu Linux 16.04, 18.04, 18.10, Enterprise Linux 7.6

Patches

Patch: bugzilla.redhat.com ↗Patch: gitlab.freedesktop.org ↗Patch: gitlab.freedesktop.org ↗

🔴Vulnerability Details

GHSA

GHSA-c34f-6cmx-fcvv: A flaw was found in xorg-x11-server before 1↗2022-05-13

▶

CVEList

CVE-2018-14665: A flaw was found in xorg-x11-server before 1↗2018-10-25

▶

OSV

CVE-2018-14665: A flaw was found in xorg-x11-server before 1↗2018-10-25

▶

VulnCheck

x.org x_server Incorrect Authorization↗2018

▶

💥Exploits & PoCs

Exploit-DB

Xorg X11 Server - Local Privilege Escalation (Metasploit)↗2019-11-20

▶

Exploit-DB

xorg-x11-server < 1.20.3 (Solaris 11) - 'inittab Local Privilege Escalation↗2019-01-14

▶

Exploit-DB

Xorg X11 Server (AIX) - Local Privilege Escalation↗2018-12-04

▶

Exploit-DB

xorg-x11-server < 1.20.3 - 'modulepath' Local Privilege Escalation↗2018-11-30

▶

Exploit-DB

Xorg X11 Server - SUID privilege escalation (Metasploit)↗2018-11-26

▶

📋Vendor Advisories

Ubuntu

X.Org X server vulnerability↗2018-10-26

▶

Red Hat

xorg-x11-server: Incorrect permission check in Xorg X server allows for privilege escalation↗2018-10-25

▶

Debian

CVE-2018-14665: xorg-server - A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check...↗2018

▶

🕵️Threat Intelligence

Tenable

Tweetable Exploit for X.org Server Local Privilege Escalation (CVE-2018-14665) Released↗2018-10-26

▶

💬Community

Bugzilla

CVE-2018-14665 xorg-x11-server: Incorrect permission check in Xorg X server allows for privilege escalation [fedora-all]↗2018-10-25

▶

Bugzilla

CVE-2018-14665 xorg-x11-server: Incorrect permission check in Xorg X server allows for privilege escalation↗2018-10-10

▶