New Privilege Escalation Flaw Affects Most Linux Distributions


An Indian security researcher has discovered a highly critical flaw in the X.Org Server package that impacts OpenBSD and most Linux distributions, including Debian, Ubuntu, CentOS, Red Hat, and Fedora. Xorg X server is a popular open-source implementation of the X11 display server that provides a graphical environment on a wide range of hardware and OS platforms. It acts as an intermediary between client applications and the user, managing the graphical display.

Xorg X server doesn't correctly handle and validate the arguments of at least two command-line parameters, allowing a low-privileged user to execute malicious code and overwrite any file, including files owned by privileged users such as root. The flaw, tracked as CVE-2018-14665, was introduced in the X.Org Server 1.19.0 package and remained undetected for almost two years; a local attacker with terminal or SSH access could exploit it to elevate their privileges on the target system.
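A defender-side check for the version range the article gives (introduced in 1.19.0, fixed in 1.20.3), added here as an example that is not part of the original article: it parses the banner that `Xorg -version` prints, decides whether the installed version falls inside that range, and reports whether the binary runs setuid root, the condition under which a local user's file write lands with root privileges. The helper names and the sample banner strings are this example's own.

```shell
#!/bin/sh
# Added example, not the article's own code. Version bounds come from the
# article: affected from 1.19.0 up to, but not including, the fixed 1.20.3.

# Compare two dotted version strings numerically; prints -1, 0 or 1.
# Assumes at most three numeric components (e.g. "1.19.6").
vercmp() {
    IFS=. read -r a1 a2 a3 <<EOF
$1
EOF
    IFS=. read -r b1 b2 b3 <<EOF
$2
EOF
    for pair in "${a1:-0}:${b1:-0}" "${a2:-0}:${b2:-0}" "${a3:-0}:${b3:-0}"; do
        x=${pair%%:*}; y=${pair#*:}
        if [ "$x" -lt "$y" ]; then printf '%s\n' -1; return; fi
        if [ "$x" -gt "$y" ]; then printf '%s\n' 1; return; fi
    done
    printf '%s\n' 0
}

# True (exit 0) when VERSION is >= 1.19.0 and < 1.20.3.
xorg_version_affected() {
    [ "$(vercmp "$1" 1.19.0)" -ge 0 ] && [ "$(vercmp "$1" 1.20.3)" -lt 0 ]
}

# Pull the version number out of a banner line such as "X.Org X Server 1.19.6".
xorg_version_from_banner() {
    printf '%s\n' "$1" | sed -n 's/^X\.Org X Server \([0-9][0-9.]*\).*/\1/p'
}

# True when an Xorg binary is on PATH, owned by root, and has the setuid bit.
xorg_is_setuid_root() {
    bin=$(command -v Xorg 2>/dev/null) || return 1
    [ -u "$bin" ] && [ "$(ls -ld "$bin" | awk '{print $3}')" = root ]
}

# Live report for this host (constructed banner used when Xorg is absent).
if xorg_is_setuid_root; then
    ver=$(xorg_version_from_banner "$(Xorg -version 2>&1 | head -n 1)")
else
    ver=$(xorg_version_from_banner 'X.Org X Server 1.19.6')   # constructed sample
    echo "Xorg not found or not setuid root here; using sample banner"
fi
if xorg_version_affected "$ver"; then
    echo "X.Org Server $ver is inside the affected range (1.19.0 <= v < 1.20.3)"
else
    echo "X.Org Server $ver is outside the affected range"
fi
```

On a real host, a setuid-root Xorg reporting a version inside the range is the case to prioritise for the 1.20.3 update.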

Security researcher Matthew Hickey shared an easy-to-execute proof-of-concept exploit earlier today on Twitter, saying "An attacker can literally take over impacted systems with 3 commands or less."

The X.Org foundation has now released X.Org Server version 1.20.3 with security patches to address the issue.
