CVE-2018-14665

Source
Severity High
Remote Yes
Type Privilege escalation
Description
Incorrect command-line parameter validation in the Xorg X server can lead to privilege elevation and/or arbitrary files overwrite, when the X server is installed with the setuid bit set and unprivileged users have the ability to log in to the system via physical console.

The -modulepath argument can be used to specify an insecure path to modules that are going to be loaded in the X server, allowing to execute unprivileged code in the privileged process.

The -logfile argument can be used to overwrite arbitrary files in the file system, due to incorrect checks in the parsing of the option.
Group Package Affected Fixed Severity Status Ticket
AVG-788 xorg-server 1.20.2-1 1.20.3-1 High Fixed
Date Advisory Group Package Severity Description
29 Oct 2018 ASA-201810-15 AVG-788 xorg-server High privilege escalation
References
https://gitlab.freedesktop.org/xorg/xserver/commit/50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e
https://gitlab.freedesktop.org/xorg/xserver/commit/032b1d79b7
https://www.openwall.com/lists/oss-security/2018/10/25/1