CVE-2018-14665:setuid 複寫檔案的 security issue...
在ofollow,noindex" target="_blank">Twitter 上看到的 security issue,好久沒在這麼普及的軟體上看到這種 bug 了:
CVE?src=hash&ref_src=twsrc%5Etfw" rel="nofollow,noindex" target="_blank">#CVE -2018-14665 - a LPE exploit viahttps://t.co/eax3fvaAjE fits in a tweet
cd /etc; Xorg -fp "root::16431:0:99999:7:::" -logfile shadow :1;su
Overwrite shadow (or any) file on most Linux, get root privileges. *BSD and any other Xorg desktop also affected.
— Hacker Fantastic (@hackerfantastic)October 25, 2018
在CVE - CVE-2018-14665 的說明裡面有提到 1.20.3 前的版本都有中,但沒講到從哪個版本開始,看起來是全系列...?
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.
這一臉 orz...