CVE-2018-14665 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	Yes
Type	Privilege escalation
Description	Incorrect command-line parameter validation in the Xorg X server can lead to privilege elevation and/or arbitrary files overwrite, when the X server is installed with the setuid bit set and unprivileged users have the ability to log in to the system via physical console. The -modulepath argument can be used to specify an insecure path to modules that are going to be loaded in the X server, allowing to execute unprivileged code in the privileged process. The -logfile argument can be used to overwrite arbitrary files in the file system, due to incorrect checks in the parsing of the option.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-788	xorg-server	1.20.2-1	1.20.3-1	High	Fixed

Date	Advisory	Group	Package	Severity	Type
29 Oct 2018	ASA-201810-15	AVG-788	xorg-server	High	privilege escalation

References
https://gitlab.freedesktop.org/xorg/xserver/commit/50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e https://gitlab.freedesktop.org/xorg/xserver/commit/032b1d79b7 https://www.openwall.com/lists/oss-security/2018/10/25/1

References

https://gitlab.freedesktop.org/xorg/xserver/commit/50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e
https://gitlab.freedesktop.org/xorg/xserver/commit/032b1d79b7
https://www.openwall.com/lists/oss-security/2018/10/25/1