X.Org Flaw Allows Privilege Escalation in Linux Systems

From threatpost.com

The issue impacts many large distros with GUI interfaces.

A local privilege-escalation and file-overwrite vulnerability in X.Org X server opens the door to trivial compromise in Linux systems that use the open-source software.

The X server is a core graphics and windowing technology that can be found in most Linux and BSD distributions that use a GUI interface. The vulnerability (CVE-2018-14665) affects X server versions 1.19 and later, and has been around for at least two years. X.Org explained that if a vulnerable version of the X.Org X server runs on a system as “setuid” root, a logged-in user can use it to gain administrator-level privileges on the machine. From there, the user can create or overwrite files anywhere on the system, including files owned by privileged users (i.e., an adversary could tamper with data or install malware).
