CVE-2018-14665 log

Severity High
Remote Yes
Type Privilege escalation
Incorrect command-line parameter validation in the Xorg X server can lead to privilege elevation and/or arbitrary files overwrite, when the X server is installed with the setuid bit set and unprivileged users have the ability to log in to the system via physical console.

The -modulepath argument can be used to specify an insecure path to modules that are going to be loaded in the X server, allowing to execute unprivileged code in the privileged process.

The -logfile argument can be used to overwrite arbitrary files in the file system, due to incorrect checks in the parsing of the option.
Group Package Affected Fixed Severity Status Ticket
AVG-788 xorg-server 1.20.2-1 1.20.3-1 High Fixed
Date Advisory Group Package Severity Type
29 Oct 2018 ASA-201810-15 AVG-788 xorg-server High privilege escalation