[ASA-201810-15] xorg-server: privilege escalation

Remi Gacogne rgacogne at archlinux.org
Mon Oct 29 13:55:37 UTC 2018


Arch Linux Security Advisory ASA-201810-15
==========================================

Severity: High
Date    : 2018-10-29
CVE-ID  : CVE-2018-14665
Package : xorg-server
Type    : privilege escalation
Remote  : Yes
Link    : https://security.archlinux.org/AVG-788

Summary
=======

The package xorg-server before version 1.20.3-1 is vulnerable to
privilege escalation.

Resolution
==========

Upgrade to 1.20.3-1.

# pacman -Syu "xorg-server>=1.20.3-1"

The problem has been fixed upstream in version 1.20.3.

Workaround
==========

None.

Description
===========

Incorrect command-line parameter validation in the Xorg X server can
lead to privilege elevation and/or arbitrary files overwrite, when the
X server is installed with the setuid bit set and unprivileged users
have the ability to log in to the system via physical console.

The -modulepath argument can be used to specify an insecure path to
modules that are going to be loaded in the X server, allowing to
execute unprivileged code in the privileged process.

The -logfile argument can be used to overwrite arbitrary files in the
file system, due to incorrect checks in the parsing of the option.

Impact
======

A local attacker can elevate privileges to root by passing crafted
parameters to the Xorg X server.

References
==========

https://gitlab.freedesktop.org/xorg/xserver/commit/50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e
https://gitlab.freedesktop.org/xorg/xserver/commit/032b1d79b7
https://www.openwall.com/lists/oss-security/2018/10/25/1
https://security.archlinux.org/CVE-2018-14665

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20181029/9839112e/attachment.asc>


More information about the arch-security mailing list