Displaying 1 result from an estimated 1 matches for "032b1d79b7".
2018 Oct 25
0
X.Org security advisory: October 25, 2018
...ode in the privileged process.
The -logfile argument can be used to overwrite arbitrary files in the
file system, due to incorrect checks in the parsing of the option.
This issue has been assigned CVE-2018-14665
Background
==========
The commit
https://gitlab.freedesktop.org/xorg/xserver/commit/032b1d79b7 which
first appeared in xorg-server 1.19.0 introduced a regression in the
security checks performed for potentially dangerous options, enabling
the vulnerabilities listed above.
Overwriting /etc/shadow with -logfile can also lead to privilege
elevation since it's possible to control some part...