X.Org Bug allows Root Permission on Linux and BSD System

X.Org is the open-source implementation of the “X Window System” that provides the GUI on Linux and BSD systems. A recently spotted bug, if exploited, could allow privilege escalation to root level.

The flaw is tracked as CVE-2018-14665. The bug has been present in “xorg-server” for about 2 years (since v1.19.0)!

Privilege escalation and file overwrite

In an advisory on the official website, X.Org described the problem as an “incorrect command-line parameter validation”, allowing an attacker to overwrite files.

Using the “-modulepath” argument, it was possible to set an insecure path from which the X.Org server would load modules. File overwriting is possible with the “-logfile” argument.
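The flaw matters when the server runs with more privilege than the user who started it, for example when the binary is installed setuid root. The sketch below is an added example, not X.Org's code: it shows the kind of check a privileged program needs before honoring options that take a caller-chosen path. The function names `privs_elevated` and `first_rejected_arg` and the sample command lines are hypothetical; only the two option names come from the article.

```c
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Options that take a caller-chosen path and so must not be honored
 * when the process holds privileges the caller does not have.
 * The two names are the ones the article cites. */
static const char *const path_opts[] = { "-modulepath", "-logfile" };

/* Privileges are elevated when real and effective IDs differ,
 * which is the case for a setuid-root binary run by a normal user. */
int privs_elevated(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

/* Return the index of the first argument that must be rejected,
 * or 0 if the command line is acceptable (argv[0] is never an option).
 * A path option with no value is rejected as well. */
int first_rejected_arg(int argc, char *const argv[], int elevated)
{
    for (int i = 1; i < argc; i++) {
        for (size_t k = 0; k < sizeof path_opts / sizeof path_opts[0]; k++) {
            if (strcmp(argv[i], path_opts[k]) != 0)
                continue;
            if (elevated || i + 1 >= argc)
                return i;
            i++;            /* skip the option's value */
            break;
        }
    }
    return 0;
}

/* Hypothetical entry point: exit non-zero instead of parsing further. */
int main(int argc, char *argv[])
{
    int elevated = privs_elevated(getuid(), geteuid(), getgid(), getegid());
    return first_rejected_arg(argc, argv, elevated) ? 1 : 0;
}
```

The decision is made from the real and effective IDs before any option value is used, so a path supplied by an unprivileged caller never reaches code that opens or loads it as root.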

The bug was preventable in OpenBSD 6.4

OpenBSD is an open-source BSD operating system with a strong focus on security. Interestingly, it also uses “xorg”, and the bug was present in the latest release (v6.4). This was preventable.

Theo de Raadt, the founder and leader of OpenBSD, said that the X maintainers had known about the bug since October 11. However, they notified the OpenBSD developers only a week after the new OS was released. Had the OpenBSD team known about the issue, it would have taken steps to mitigate the problem or even delayed the release by a week or two.

There’s already a remedy, though. The OpenBSD project provides a source code patch that requires compiling the code and rebuilding the X server. For a quick fix, users can disable the X server binary. Run the following command –

Besides OpenBSD, the bug also affects Linux distros like Debian, Ubuntu, Fedora, RHEL, CentOS and their derivatives.
