New security flaw impacts most Linux and BSD distros

Issue is only a privilege escalation flaw but it impacts a large number of systems.
Written by Catalin Cimpanu, Contributor on

Linux and BSD variants that ship the X.Org Server package, which is almost all of them, are affected by a new vulnerability disclosed on Thursday.

The vulnerability allows an attacker with limited access to a system, either via a terminal or SSH session, to elevate privileges and gain root access.

It cannot be used to break into a system from the outside, but it is still valuable to attackers because it turns a foothold as a low-privileged user into full root control in moments.

While the vulnerability is not in the "as-bad-as-it-gets" category, it could not be ignored by the Linux and infosec communities once its existence was made public on Thursday.

The reason is where it was found: the X.Org Server package, the core display server that sits underneath desktop environments such as KDE and GNOME, and that is present in every major Linux and BSD distro offering a graphical desktop.

According to the report by security researcher Narendra Shinde, who found the bug, the X.Org Server package had contained the vulnerability since May 2016. It allows a local attacker to elevate privileges and to overwrite arbitrary files on the system, including critical OS files.

The issue, tracked as CVE-2018-14665, was caused by an incorrect permission check on two command-line options, -logfile and -modulepath. The first lets the caller choose where the server writes its log file, the second where it loads driver modules from; when the server is running as root, an unprivileged user can use them to write to arbitrary files or to load their own code into a root process. The flaw was exploitable only when X.Org Server was installed setuid root, so that it runs with root privileges even when started by an ordinary user, which is a common setup in many distros.

X.Org Foundation developers released X.Org Server 1.20.3 to fix this issue. The fix refuses these two command-line arguments when the server is running with elevated privileges, that is, when it is setuid root and was started by a non-root user.
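The following is an added example, not code from the article, from Hacker House or from the X.Org project: a POSIX shell audit that checks the three conditions under which this flaw is reachable on a host (a server version below the 1.20.3 fix, a setuid-root Xorg or Xorg.wrap binary, and on Debian-derived systems an Xwrapper.config that still grants root rights). The paths /usr/lib/xorg/Xorg.wrap, /usr/libexec/Xorg.wrap and /etc/X11/Xwrapper.config and the "X.Org X Server" banner format are assumptions about common packaging. It only reports; it does not exploit anything.

```shell
#!/bin/sh
# Added example (not from the article or X.Org): audit CVE-2018-14665 exposure.
# The bug is reachable only when X.Org Server < 1.20.3 runs with root
# privileges on behalf of an unprivileged user, i.e. a setuid-root Xorg.

# Return 0 (true) if a version string is older than the fixed release, 1.20.3.
# Unparseable input is treated as vulnerable so the check fails closed.
xorg_version_vulnerable() {
    # Keep only the leading dotted number: "1.20.3-1ubuntu1" -> "1.20.3".
    ver=$(printf '%s\n' "$1" | sed 's/^[^0-9]*//; s/[^0-9.].*$//')
    # Split major.minor.patch into the function's positional parameters.
    set -- $(printf '%s\n' "$ver" | tr '.' ' ')
    major=${1:-x}; minor=${2:-0}; patch=${3:-0}
    case "$major$minor$patch" in
        *[!0-9]*) return 0 ;;   # missing or non-numeric component: fail closed
    esac
    # 1.20.3 packs to 12003; minor and patch never reach 100 in xserver releases.
    [ $((major * 10000 + minor * 100 + patch)) -lt 12003 ]
}

# Print the installed server version, or nothing if Xorg is not on PATH.
# Xorg prints its banner ("X.Org X Server 1.20.4 ...") on stderr.
installed_xorg_version() {
    Xorg -version 2>&1 | sed -n 's/^X\.Org X Server \([0-9][0-9.]*\).*/\1/p' | head -n1
}

# Return 0 if the server can run as root for an ordinary user: the Xorg binary
# itself, or the Debian-style Xorg.wrap (assumed paths), is setuid and owned by root.
xorg_is_setuid_root() {
    for f in "$(command -v Xorg 2>/dev/null)" /usr/lib/xorg/Xorg.wrap /usr/libexec/Xorg.wrap; do
        [ -n "$f" ] && [ -u "$f" ] \
            && [ "$(ls -ld "$f" | awk '{print $3}')" = root ] && return 0
    done
    return 1
}

# Parse a Debian/Ubuntu Xwrapper.config (path is an assumption). Return 0 if it
# still lets the wrapper run Xorg as root ("yes" or "auto", the default) and 1
# only if it explicitly says needs_root_rights=no.
xwrapper_needs_root_rights() {
    cfg=${1:-/etc/X11/Xwrapper.config}
    [ -r "$cfg" ] || return 0        # no file: the wrapper's default is auto
    val=$(sed -n 's/^[[:space:]]*needs_root_rights[[:space:]]*=[[:space:]]*\([a-z]*\).*/\1/p' "$cfg" | tail -n1)
    [ "$val" != no ]
}

# Human-readable report; always returns 0 so it is safe under set -e.
audit_xorg() {
    ver=$(installed_xorg_version)
    if [ -z "$ver" ]; then
        echo "No Xorg binary on PATH; nothing to audit."
        return 0
    fi
    echo "X.Org Server version: $ver"
    if xorg_version_vulnerable "$ver"; then
        echo "  older than 1.20.3: check the vendor advisory, distros backport fixes without bumping the version"
    else
        echo "  1.20.3 or later: -logfile/-modulepath are refused when privileges are elevated"
    fi
    if xorg_is_setuid_root; then
        echo "  Xorg (or Xorg.wrap) is setuid root: unprivileged users reach the option handling as root"
    else
        echo "  Xorg is not setuid root: the options run with the caller's own privileges"
    fi
    if xwrapper_needs_root_rights; then
        echo "  Xwrapper.config permits root rights (Debian/Ubuntu only; default when the file is absent)"
    else
        echo "  Xwrapper.config sets needs_root_rights=no"
    fi
    return 0
}

audit_xorg
```

Two caveats when reading the output. Distro packages such as those from Red Hat and Debian usually carry the 1.20.3 fix as a backported patch under the old version number, so a version below 1.20.3 means "check the vendor's advisory", not "vulnerable". And on Debian-derived systems the wrapper's allowed_users setting (console by default) refuses to start Xorg at all for sessions that are not on a physical console, which narrows the terminal-or-SSH scenario described above to console logins on those systems.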

Distros like Red Hat Enterprise Linux, Fedora, CentOS, Debian, Ubuntu, and OpenBSD have already been confirmed as impacted, and other smaller projects are most likely affected as well.

Security updates that contain the patched X.Org Server package are expected to roll out in the following hours and days.

Proof-of-concept code was also released earlier today by Matthew Hickey, Co-Founder and Director at Hacker House, a UK-based cyber-security firm.

"An attacker can literally take over impacted systems with 3 commands or less," said Hickey on Twitter. "Lots of other ways to exploit e.g. crontab. It's hilarious how trivial it is."
