X.Org Bug allows Root Permission on Linux and BSD System

X.Org is the open-source implementation of the “X Window System” that provides the GUI on Linux and BSD systems. A recently discovered bug, if exploited, allows privilege escalation to root.

The flaw is tracked as CVE-2018-14665. The bug has been present in “xorg-server” for about 2 years (since v1.19.0)!

Privilege escalation and file overwrite

In an advisory on the official website, X.Org described the problem as an “incorrect command-line parameter validation”, allowing an attacker to overwrite files.

Using the “-modulepath” argument, it was possible to set an insecure path from which the X.Org server would load modules. File overwriting is possible with the “-logfile” argument.
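Both options are visible in process-execution logs, which gives defenders something to watch for. The following added example (not from the original article or the X.Org project) correlates auditd SYSCALL and EXECVE records and reports X server starts by non-root users that pass “-modulepath” or “-logfile”. The sample records, binary names and paths are constructed assumptions.

```python
import re
from collections import defaultdict

RISKY_OPTS = {"-modulepath", "-logfile"}  # the two options named in the advisory
X_NAMES = {"X", "Xorg"}                   # assumption: usual X server binary names
EVENT_RE = re.compile(r"type=(\w+) msg=audit\([\d.]+:(\d+)\):\s*(.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed auditd records (not from a real host); paths are placeholders.
SAMPLE = [
    'type=SYSCALL msg=audit(1540500000.101:900): syscall=59 auid=1000 uid=1000 euid=0 comm="Xorg"',
    'type=EXECVE msg=audit(1540500000.101:900): argc=3 a0="Xorg" a1="-logfile" a2="/placeholder/file"',
    'type=SYSCALL msg=audit(1540500001.202:901): syscall=59 auid=0 uid=0 euid=0 comm="Xorg"',
    'type=EXECVE msg=audit(1540500001.202:901): argc=3 a0="/usr/bin/Xorg" a1="-logfile" a2="/var/log/Xorg.0.log"',
    'type=SYSCALL msg=audit(1540500002.303:902): syscall=59 auid=1001 uid=1001 euid=0 comm="X"',
    'type=EXECVE msg=audit(1540500002.303:902): argc=3 a0="/usr/bin/X" a1="-modulepath" a2=2F73616D706C6520646972',
]

def decode(value):
    """auditd quotes plain strings and hex-encodes those with special characters."""
    if value.startswith('"'):
        return value.strip('"')
    try:
        return bytes.fromhex(value).decode("utf-8", "replace")
    except ValueError:
        return value

def find_risky_x_starts(lines):
    """Return [(event_id, uid, {option: value})] for non-root X starts using risky options."""
    events = defaultdict(dict)
    for line in lines:
        m = EVENT_RE.search(line)
        if not m:
            continue
        rtype, event_id, body = m.groups()
        fields = dict(FIELD_RE.findall(body))
        if rtype == "SYSCALL":      # carries the real uid of the caller
            events[event_id]["uid"] = int(fields.get("uid", -1))
        elif rtype == "EXECVE":     # carries argc and a0..aN for the same event id
            events[event_id]["argv"] = [decode(fields.get(f"a{i}", '""')) for i in range(int(fields.get("argc", 0)))]
    hits = []
    for event_id, ev in events.items():
        argv = ev.get("argv") or [""]
        if argv[0].rsplit("/", 1)[-1] not in X_NAMES or ev.get("uid") == 0:
            continue                # not an X server start, or started by root
        used = {a: (argv[i + 1] if i + 1 < len(argv) else "") for i, a in enumerate(argv) if a in RISKY_OPTS}
        if used:
            hits.append((event_id, ev.get("uid"), used))
    return hits
```

Calling `find_risky_x_starts(SAMPLE)` reports events 900 and 902 and skips the root-started event 901. An EXECVE record with no matching SYSCALL record is reported with a uid of `None` rather than dropped.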

The bug was preventable in OpenBSD 6.4

OpenBSD is an open-source BSD system with a strong focus on security. Interestingly, it uses “xorg”, and the latest release (v6.4) shipped with the bug. This was preventable.

According to Theo de Raadt, the founder and leader of OpenBSD, the X maintainers had known about the bug since October 11. However, they notified the OpenBSD developers only a week after the new OS was released. Had the OpenBSD developers known about the issue, they would have taken steps to mitigate the problem or even delayed the release by a week or two.

There’s already a remedy, though. The OpenBSD project provides a source code patch that requires compiling the code and rebuilding the X server. For a quick fix, users can disable the X server binary. Run the following command:

Besides OpenBSD, the bug also affects Linux distros like Debian, Ubuntu, Fedora, RHEL, CentOS and their derivatives.
