X.Org is the open-source implementation of the “X Window System” that provides the graphical user interface on Linux and BSD systems. Recently a bug was spotted that, if exploited, could allow privilege escalation to root level.
The flaw is tracked as CVE-2018-14665. The bug has been present in “xorg-server” for about two years (since v1.19.0)!
Privilege escalation and file overwrite
In an advisory on the official website, X.Org described the problem as an “incorrect command-line parameter validation”, allowing an attacker to overwrite files.
With the “-modulepath” argument it was possible to point the X.Org server at an insecure directory from which it would load modules; with the “-logfile” argument it was possible to overwrite files.
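The two arguments named above are also what a defender can look for. The following added example (not code from the article or from the X.Org project) audits X server command lines, such as those recorded by process auditing, and flags a “-logfile” that points outside the expected log directory or a “-modulepath” entry outside the expected module directories. The allowed directories, the sample command lines and the placeholder paths are constructed for the example; it also handles the comma-separated form of “-modulepath” and normalises “..” components, which goes slightly beyond what the article describes.

```python
import os
import shlex
from typing import Dict, List

# Directories where a legitimately started X server writes its log or loads
# modules. These are assumptions for the example, not values from the article.
ALLOWED_LOG_DIRS = ("/var/log",)
ALLOWED_MODULE_DIRS = ("/usr/lib/xorg/modules", "/usr/X11R6/lib/modules")


def _inside(path: str, roots) -> bool:
    """True if the normalised path lies under (or is) one of the root directories.

    normpath collapses '..' components, so '/var/log/../../etc/x' is judged as '/etc/x'.
    """
    norm = os.path.normpath(path)
    return any(norm == r or norm.startswith(r.rstrip("/") + "/") for r in roots)


def audit_xorg_cmdline(cmdline: str) -> List[str]:
    """Return findings for one command line; an empty list means nothing suspicious.

    Only command lines whose program is the X server ('Xorg' or 'X') are examined.
    """
    argv = shlex.split(cmdline)
    findings: List[str] = []
    if not argv or os.path.basename(argv[0]) not in ("Xorg", "X"):
        return findings
    for i, arg in enumerate(argv):
        if i + 1 >= len(argv):  # option given without a value at the very end
            continue
        value = argv[i + 1]
        if arg == "-logfile" and not _inside(value, ALLOWED_LOG_DIRS):
            findings.append(f"-logfile outside allowed log directories: {value}")
        elif arg == "-modulepath":
            # -modulepath accepts a comma-separated list; every entry must be trusted.
            for entry in value.split(","):
                if not _inside(entry, ALLOWED_MODULE_DIRS):
                    findings.append(f"-modulepath entry outside allowed module directories: {entry}")
    return findings


def audit_all(cmdlines) -> Dict[str, List[str]]:
    """Audit several command lines and map each to its findings."""
    return {c: audit_xorg_cmdline(c) for c in cmdlines}


# Constructed sample command lines (not real captures): one benign, two suspicious,
# and one that is not an X server at all and must be ignored.
SAMPLE_CMDLINES = [
    "/usr/bin/Xorg :0 -logfile /var/log/Xorg.0.log -modulepath /usr/lib/xorg/modules",
    "/usr/bin/Xorg :1 -logfile /etc/EXAMPLE-NOT-A-LOG",
    "/usr/bin/Xorg :2 -modulepath /tmp/EXAMPLE-UNTRUSTED,/usr/lib/xorg/modules",
    "/usr/bin/editor -logfile /etc/EXAMPLE-NOT-A-LOG",
]

if __name__ == "__main__":
    for cmd, found in audit_all(SAMPLE_CMDLINES).items():
        print(cmd)
        for f in found:
            print("   !", f)
```

The check is deliberately an allowlist rather than a list of known-bad paths: any log file or module directory the administrator did not expect is reported, which also covers paths the article does not mention.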
The bug was preventable in OpenBSD 6.4
OpenBSD is an open-source BSD operating system with a strong focus on security. Interestingly, it ships “xorg”. The bug was present in the latest release (v6.4), and this was preventable.
According to the founder and leader of OpenBSD, Theo de Raadt, the X maintainers had known about the bug since October 11. However, they only notified the OpenBSD developers a week after the new release shipped. Had they known about the issue in time, the OpenBSD developers would have taken steps to mitigate the problem or even delayed the release by a week or two.
There is already a remedy, though. The OpenBSD project provides a source-code patch, which requires compiling the code and rebuilding the X server. For a quick fix, users can disable the X server binary. Run the following command –
Besides OpenBSD, the bug also affects Linux distros such as Debian, Ubuntu, Fedora, RHEL, CentOS and their derivatives.
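The article does not print the quick-fix command, so the following added example (not the OpenBSD project's own fix) assumes that “disabling” the X server binary means removing its setuid-root bit: the “-logfile” overwrite only becomes a privilege escalation because the binary runs as root on behalf of an unprivileged user. The candidate binary locations are assumptions for the distributions the article names, and the self-test at the bottom works on a constructed temporary file rather than on a real X server.

```python
import os
import stat
import tempfile
from typing import Dict

# Where the X server binary usually lives on the systems the article names.
# These paths are assumptions for the example, not taken from the article.
XORG_CANDIDATES = (
    "/usr/X11R6/bin/Xorg",  # OpenBSD
    "/usr/lib/xorg/Xorg",   # Debian / Ubuntu
    "/usr/bin/Xorg",        # Fedora / RHEL / CentOS (often a wrapper)
)


def has_setuid(path: str) -> bool:
    """True if the file exists and carries the setuid bit (mode 4xxx)."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return False
    return bool(st.st_mode & stat.S_ISUID)


def is_setuid_root(path: str) -> bool:
    """True only for a setuid file that is owned by uid 0, i.e. one that runs as root."""
    return has_setuid(path) and os.stat(path).st_uid == 0


def clear_setuid(path: str) -> int:
    """Remove the setuid bit (the equivalent of 'chmod u-s') and return the new permission bits.

    The remaining bits are preserved, so a 4755 file becomes 0755.
    """
    st = os.stat(path)
    os.chmod(path, stat.S_IMODE(st.st_mode) & ~stat.S_ISUID)
    return stat.S_IMODE(os.stat(path).st_mode)


def audit_candidates(paths=XORG_CANDIDATES) -> Dict[str, bool]:
    """Report, for each existing candidate path, whether it is still setuid root."""
    return {p: is_setuid_root(p) for p in paths if os.path.exists(p)}


def self_test() -> bool:
    """Demonstrate the check on a constructed temporary file instead of a real Xorg binary.

    Setting the setuid bit on a file you own needs no special privilege.
    """
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        path = tmp.name
    try:
        os.chmod(path, 0o4755)
        before = has_setuid(path)
        new_mode = clear_setuid(path)
        after = has_setuid(path)
        return before and new_mode == 0o755 and not after
    finally:
        os.unlink(path)


if __name__ == "__main__":
    for p, vulnerable in audit_candidates().items():
        print(p, "setuid root" if vulnerable else "not setuid root")
    print("self-test:", "ok" if self_test() else "FAILED")
```

Clearing the bit is a stopgap rather than a fix: without setuid the server can only be started by root (or through a display manager that already runs as root), and the proper remedy remains the patched xorg-server.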