CVE-2018-14665 : A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options wh

A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.

Published 2018-10-25 20:29:00

Updated 2019-10-22 23:15:10

Source Red Hat, Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2018-14665

Probability of exploitation activity in the next 30 days: 3.21%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 90 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2018-14665

Xorg X11 Server SUID modulepath Privilege Escalation

Disclosure Date: 2018-10-25

First seen: 2020-04-26

exploit/multi/local/xorg_x11_suid_server_modulepath

This module attempts to gain root privileges with SUID Xorg X11 server versions 1.19.0 < 1.20.3. A permission check flaw exists for -modulepath and -logfile options when starting Xorg. This allows unprivileged users that can start the server the a

More information
Xorg X11 Server SUID logfile Privilege Escalation

Disclosure Date: 2018-10-25

First seen: 2020-04-26

exploit/multi/local/xorg_x11_suid_server

This module attempts to gain root privileges with SUID Xorg X11 server versions 1.19.0 < 1.20.3. A permission check flaw exists for -modulepath and -logfile options when starting Xorg. This allows unprivileged users that can start the server the ab

More information
Xorg X11 Server Local Privilege Escalation

Disclosure Date: 2018-10-25

First seen: 2020-04-26

exploit/aix/local/xorg_x11_server

WARNING: Successful execution of this module results in /etc/passwd being overwritten. This module is a port of the OpenBSD X11 Xorg exploit to run on AIX. A permission check flaw exists for -modulepath and -logfile options when starting Xorg. This allows unprivil

More information

CVSS scores for CVE-2018-14665

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
6.6	MEDIUM	CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	0.7	5.9	NIST
Attack Vector: Physical Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2018-14665

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2018-14665

https://security.gentoo.org/glsa/201810-09

X.Org X Server: Privilege escalation (GLSA 201810-09) — Gentoo security
Third Party Advisory
https://gitlab.freedesktop.org/xorg/xserver/commit/8a59e3b7dbb30532a7c3769c555e00d7c4301170

Disable -logfile and -modulepath when running with elevated privileges (8a59e3b7) · Commits · xorg / xserver · GitLab
Patch;Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14665

1637761 – (CVE-2018-14665) CVE-2018-14665 xorg-x11-server: Incorrect permission check in Xorg X server allows for privilege escalation
Issue Tracking;Patch;Third Party Advisory
https://www.exploit-db.com/exploits/45832/

xorg-x11-server < 1.20.1 - Local Privilege Escalation
Exploit;Third Party Advisory;VDB Entry
https://access.redhat.com/errata/RHSA-2018:3410

RHSA-2018:3410 - Security Advisory - Red Hat Customer Portal
Third Party Advisory
http://packetstormsecurity.com/files/154942/Xorg-X11-Server-SUID-modulepath-Privilege-Escalation.html

Xorg X11 Server SUID modulepath Privilege Escalation ≈ Packet Storm
https://usn.ubuntu.com/3802-1/

USN-3802-1: X.Org X server vulnerability | Ubuntu security notices
Third Party Advisory
https://www.exploit-db.com/exploits/46142/

xorg-x11-server < 1.20.3 (Solaris 11) - 'inittab Local Privilege Escalation
Exploit;Third Party Advisory;VDB Entry
https://www.securepatterns.com/2018/10/cve-2018-14665-xorg-x-server.html

Software [in] Security: CVE-2018-14665 : Xorg X Server Vulnerabilities
Exploit;Third Party Advisory
https://www.debian.org/security/2018/dsa-4328

Debian -- Security Information -- DSA-4328-1 xorg-server
Third Party Advisory
http://packetstormsecurity.com/files/155276/Xorg-X11-Server-Local-Privilege-Escalation.html

Xorg X11 Server Local Privilege Escalation ≈ Packet Storm
https://www.exploit-db.com/exploits/45922/

xorg-x11-server < 1.20.3 - 'modulepath' Local Privilege Escalation
Exploit;Third Party Advisory;VDB Entry
https://www.exploit-db.com/exploits/45938/

Xorg X11 Server (AIX) - Local Privilege Escalation
Exploit;Third Party Advisory;VDB Entry
http://www.securityfocus.com/bid/105741

X.Org X Server CVE-2018-14665 Multiple Local Privilege Escalation Vulnerability
Third Party Advisory;VDB Entry
https://gitlab.freedesktop.org/xorg/xserver/commit/50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e

Disable -logfile and -modulepath when running with elevated privileges (50c0cf88) · Commits · xorg / xserver · GitLab
Patch;Third Party Advisory
https://lists.x.org/archives/xorg-announce/2018-October/002927.html

X.Org security advisory: October 25, 2018
Mitigation;Patch;Vendor Advisory
https://www.exploit-db.com/exploits/45742/

xorg-x11-server 1.20.3 - Privilege Escalation
Exploit;Third Party Advisory;VDB Entry
https://www.exploit-db.com/exploits/45697/

xorg-x11-server < 1.20.3 - Local Privilege Escalation
Exploit;Third Party Advisory;VDB Entry
http://www.securitytracker.com/id/1041948

X.Org Command Line Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges and Delete Arbitrary Files - SecurityTracker
Third Party Advisory;VDB Entry
https://www.exploit-db.com/exploits/45908/

Xorg X11 Server - SUID privilege escalation (Metasploit)
Exploit;Third Party Advisory;VDB Entry

Products affected by CVE-2018-14665

Debian » Debian Linux » Version: 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 7.6
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Eus » Version: 7.6
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 7.6
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
Matching versions
X.org » Xorg-server
Versions before (<) 1.20.3
cpe:2.3:a:x.org:xorg-server:*:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 16.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 18.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 18.10
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2018-14665

Exploit prediction scoring system (EPSS) score for CVE-2018-14665

Metasploit modules for CVE-2018-14665

Xorg X11 Server SUID modulepath Privilege Escalation

Xorg X11 Server SUID logfile Privilege Escalation

Xorg X11 Server Local Privilege Escalation

CVSS scores for CVE-2018-14665

CWE ids for CVE-2018-14665

References for CVE-2018-14665

Products affected by CVE-2018-14665