X.Org Bug allows Root Permission on Linux and BSD System

X.Org is the open-source implementation of the “X Window System” that provides the GUI on Linux and BSD systems. A bug was recently found that, if exploited, could allow privilege escalation to root.

The flaw is tracked as CVE-2018-14665. The bug has been present in “xorg-server” for about 2 years (since v1.19.0)!

Privilege escalation and file overwrite

In an advisory on the official website, X.Org described the problem as “incorrect command-line parameter validation”, which allows an attacker to overwrite files.

With the “-modulepath” argument, it was possible to set an insecure path from which the X.Org server would load modules. File overwriting is possible with the “-logfile” argument.
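For detection, the two arguments above can be matched in process-execution records. The following is an added example, not code from X.Org or the advisory: the record format (`uid=… euid=… cmd=…`), the binary names and the sample lines are assumptions constructed for illustration.

```python
import shlex

# Options named in the advisory text above.
RISKY_OPTS = {"-logfile", "-modulepath"}
# Binary names treated as the X server (assumption for this example).
X_BINARIES = {"X", "Xorg"}


def parse_record(line):
    """Parse one 'uid=<n> euid=<n> cmd=<command line>' record (constructed format)."""
    head, _, cmd = line.partition(" cmd=")
    fields = dict(kv.split("=", 1) for kv in head.split())
    return int(fields["uid"]), int(fields["euid"]), shlex.split(cmd)


def risky_options(argv):
    """Return (option, value) pairs for -logfile / -modulepath in an argv list."""
    hits = []
    for i, arg in enumerate(argv[1:], start=1):
        if arg in RISKY_OPTS:
            value = argv[i + 1] if i + 1 < len(argv) else ""
            hits.append((arg, value))
    return hits


def find_suspicious(lines):
    """Flag X server runs where an unprivileged uid has euid 0 (setuid binary)
    and supplied one of the options the advisory describes."""
    findings = []
    for line in lines:
        uid, euid, argv = parse_record(line)
        if not argv or argv[0].rsplit("/", 1)[-1] not in X_BINARIES:
            continue
        hits = risky_options(argv)
        if uid != 0 and euid == 0 and hits:
            findings.append({"uid": uid, "binary": argv[0], "options": hits})
    return findings


# Constructed sample records, not taken from a real system.
SAMPLE = [
    "uid=0 euid=0 cmd=/usr/bin/Xorg :0 -logfile /var/log/Xorg.0.log",
    "uid=1000 euid=0 cmd=/usr/bin/Xorg :1 -logfile /home/user/example.log",
    "uid=1000 euid=1000 cmd=/usr/bin/xterm -e top",
    "uid=1001 euid=0 cmd=/usr/bin/X :2 -modulepath '/tmp/my modules'",
    "uid=1002 euid=0 cmd=/usr/bin/Xorg :3 vt7",
]

if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE):
        print(finding)
```

Only the second and fourth sample records are flagged: root's own invocation and an unprivileged start without either option are ignored.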

The bug was preventable in OpenBSD 6.4

OpenBSD is an open-source BSD system with a strong focus on security. Interestingly, it uses “xorg”. The latest release (v6.4) shipped with the bug. This was preventable.

According to Theo de Raadt, the founder and leader of OpenBSD, the X maintainers had known about the bug since October 11. However, they notified the OpenBSD devs a week after the release of their new OS. Had the OpenBSD devs known about the issue, they would have taken steps to mitigate the problem or even delayed the release by a week or two.

There’s already a remedy, though. The OpenBSD project provides a source code patch that requires compiling the code and rebuilding the X server. For a quick fix, users can disable the X server binary. Run the following command –

Besides OpenBSD, the bug also affects Linux distros like Debian, Ubuntu, Fedora, RHEL, CentOS and their derivatives.
