X.org bug that gives attackers root bites OpenBSD and other big-name OSes
Several big-name Linux and BSD operating systems are vulnerable to an exploit that gives untrusted users powerful root privileges. The critical flaw in the X.org server—the open-source implementation of the X11 system that helps manage graphics displays—affects OpenBSD, widely considered to be among the most secure OSes. It also impacts some versions of the Red Hat, Ubuntu, Debian, and CentOS distributions of Linux.
An advisory X.org developers published Thursday disclosed the 23-month-old bug that, depending on how OS developers configure it, lets hackers or untrusted users elevate very limited system rights to unfettered root. The vulnerability, which is active when OSes run X.org in privileged (setuid) mode, allows files to be overwritten using the -logfile and -modulepath parameters. It also makes it trivial for low-privilege users to escalate system rights.
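Because the flaw is only active when the X server is installed setuid, an administrator can check for that precondition directly. The script below is an added example, not part of the article or the X.org advisory; the candidate paths are assumed common install locations, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit X server binaries for the setuid-root precondition
# described above. Paths are assumed common locations, not from the article.
X_CANDIDATES="/usr/X11R6/bin/Xorg /usr/bin/Xorg /usr/lib/xorg/Xorg /usr/libexec/Xorg"

# Print the numeric owner uid of the file at $1 if its setuid bit is set.
# Returns 1 when the file is missing, not a regular file, or not setuid.
setuid_owner_uid() {
    [ -f "$1" ] && [ -u "$1" ] || return 1
    # -L follows symlinks so the real binary is inspected; -n prints numeric ids.
    ls -lnL -- "$1" | awk '{ print $3 }'
}

# Report every given path that is setuid and owned by uid 0.
# Exit status: 0 if at least one setuid-root binary was found, 1 otherwise.
audit_x_servers() {
    found=1
    for path in "$@"; do
        if uid=$(setuid_owner_uid "$path") && [ "$uid" = "0" ]; then
            echo "setuid-root X server: $path"
            found=0
        fi
    done
    return "$found"
}

# Word splitting of the candidate list is intentional here.
audit_x_servers $X_CANDIDATES || echo "no setuid-root X server binary at the checked paths"
```

A hit means only that the precondition exists on the host; whether the installed build is affected has to be confirmed against the vendor's advisory.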
A variety of nuances are leading to widely divergent assessments of the bug’s severity. As Matthew Hickey, cofounder of security firm Hacker House, demonstrated Thursday, CVE-2018-14665, as the bug is indexed, can be triggered from a remote SSH session on what at the time was a fully patched OpenBSD machine. While the attacker need not use a local console, the exploit does require an already-created account on the vulnerable OpenBSD system.
In Hickey’s example, the exploit elevates the account “developer” to “root” on a default version of OpenBSD 6.4-stable.