Privilege escalation in xorg-server (Alpine package)

1) Privilege escalation

EUVDB-ID: #VU15538

Risk: Low

CVSSv3.1: 7.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C]

CVE-ID: CVE-2018-14665

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: Yes

Description

The vulnerability allows a local user to gain elevated privileges on the target system.

The vulnerability exists due to improper handling of two command-line options, namely -logfile and -modulepath. A local user can specify a '-modulepath' argument with an insecure path to create, overwrite or delete any files with root privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

xorg-server (Alpine package): 1.19.5-r0 - 1.19.6-r2

External links

http://git.alpinelinux.org/aports/commit/?id=7ef7c7225e8892f60a63c6242fb4546ecd42f1ae
http://git.alpinelinux.org/aports/commit/?id=8e700dfc5cc2199f06163864d60d559cacd453cd
http://git.alpinelinux.org/aports/commit/?id=200ed130cd6de4484176410175e321c8dfc55f09
http://git.alpinelinux.org/aports/commit/?id=4c35866610d06281e3d5d1717fb264f69ff2aac0
http://git.alpinelinux.org/aports/commit/?id=9ab208679bc4ae87c012980f6cc3ac7c7cbda918
http://git.alpinelinux.org/aports/commit/?id=aa79b6b19b8d17276a444f0c17c1c3a3742f3ef8

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.