Vulnerability DatabaseCVE-2018-14665
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2018-14665
October 25, 2018
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.
Related ResourcesĀ (23)
https://gitlab.freedesktop.org/xorg/xserver/commit/50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e
https://www.exploit-db.com/exploits/46142/
https://www.exploit-db.com/exploits/45697/
https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14665
https://www.exploit-db.com/exploits/45908/
http://packetstormsecurity.com/files/155276/Xorg-X11-Server-Local-Privilege-Escalation.html
http://www.securityfocus.com/bid/105741
https://access.redhat.com/errata/RHSA-2018:3410
http://www.securitytracker.com/id/1041948
https://www.exploit-db.com/exploits/45742/
https://www.debian.org/security/2018/dsa-4328
https://www.exploit-db.com/exploits/45832/
https://www.exploit-db.com/exploits/45938/
https://www.exploit-db.com/exploits/45922/
https://access.redhat.com/security/cve/CVE-2018-14665
https://www.securepatterns.com/2018/10/cve-2018-14665-xorg-x-server.html
http://packetstormsecurity.com/files/154942/Xorg-X11-Server-SUID-modulepath-Privilege-Escalation.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14665
https://security-tracker.debian.org/tracker/CVE-2018-14665
https://lists.x.org/archives/xorg-announce/2018-October/002927.html
https://gitlab.freedesktop.org/xorg/xserver/commit/8a59e3b7dbb30532a7c3769c555e00d7c4301170
https://usn.ubuntu.com/3802-1/
https://security.gentoo.org/glsa/201810-09
Do you need more information?
Contact Us
CVSS v4
Base Score:
7
Attack Vector
PHYSICAL
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
Exploit Maturity
ATTACKED
CVSS v3
Base Score:
6.6
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Exploit Maturity
HIGH
CVSS v2
Base Score:
7.2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
Weakness Type (CWE)
Incorrect Authorization
CWE-863
EPSS
Base Score:
14.46