https://www.bleepingcomputer.com/news/s ... d-systems/
Is Porteus affected? And what could we do to fix this, and probably more security issues in the future?
Trivial Bug in X.Org Gives Root Permission on Linux
Talk here about security in general. Posting illegal software is prohibited. Everything in this forum must be considered as for "Educational purpose only".
xenos
- fanthom
- Moderator Team
- Posts: 5667
- Joined: 28 Dec 2010, 02:42
- Distribution: Porteus Kiosk
- Location: Poland
Post#2 by fanthom » 31 Oct 2018, 21:38
You need to upgrade xorg-server to version 1.20.3:
https://bugs.gentoo.org/669588#c0
slackware current has it already:
ftp://ftp.osuosl.org/pub/slackware/slac ... ngeLog.txt
Please add [Solved] to your thread title if the solution was found.
fanthom
- Full of knowledge
- Posts: 2106
- Joined: 17 Jun 2013, 13:17
- Distribution: Porteus 3.2.2 XFCE 32bit
- Location: Germany
Post#3 by donald » 31 Oct 2018, 21:40
Imo, not so critical as it sounds (using porteus), but I could be wrong here.
Prerequisite for the attack is an X.org server running with setuid root.
If this is set for the X server, it can be started as a normal user,
but runs with root privileges.
An attacker also needs console access on the affected computer.
He must either be logged in with a service like SSH or locally on the computer.
With the X.org version 1.20.3 the problems were solved.
Porteus 4.0
...no s bit set....
guest@porteus:~$ ls -lh /usr/bin/Xorg
-rwxr-xr-x 1 root root 273 Dec 23 2017
btw
porteus 3.2.2 has Xorg 1.18.3...It has been present in xorg-server since version 1.19.0

donald
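
The two conditions discussed in this thread, an xorg-server version in the affected range and a server binary that is setuid root, can be checked together. The script below is an added example, not part of any post above; its function names and verdict strings are made up for illustration, and the range it tests (from 1.19.0 up to, but not including, 1.20.3) is the one given in the posts.

```shell
#!/bin/sh
# Added example, not from the thread. Affected range as stated in the posts
# above: present since xorg-server 1.19.0, fixed in 1.20.3.

# parse_version: read `Xorg -version` output on stdin, print e.g. "1.20.1".
parse_version() {
    sed -n 's/^X\.Org X Server \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# ver_lt A B: succeed if dotted version A is strictly older than B.
ver_lt() {
    [ "$1" = "$2" ] && return 1
    oldest=$(printf '%s\n%s\n' "$1" "$2" |
        sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$oldest" = "$1" ]
}

# in_affected_range V: succeed if 1.19.0 <= V < 1.20.3.
in_affected_range() {
    ! ver_lt "$1" 1.19.0 && ver_lt "$1" 1.20.3
}

# setuid_owner FILE: print the owner's numeric uid if FILE is a regular file
# with the setuid bit set (symlinks followed); print nothing otherwise.
setuid_owner() {
    if [ -f "$1" ] && [ -u "$1" ]; then
        ls -lnL -- "$1" | awk '{print $3}'
    fi
}

# assess VERSION FILE: print one verdict word (verdict names are illustrative).
assess() {
    if [ -z "$1" ]; then
        echo "version-unknown"
    elif ! in_affected_range "$1"; then
        echo "version-not-affected"
    elif [ "$(setuid_owner "$2")" = "0" ]; then
        echo "exposed-upgrade-to-1.20.3"
    else
        echo "affected-version-but-not-setuid-root"
    fi
}

# Stand-alone use: sh check-xorg.sh /path/to/Xorg  (script name is hypothetical)
if [ "$#" -eq 1 ]; then
    assess "$(Xorg -version 2>&1 | parse_version)" "$1"
fi
```

Pass the path of the actual server binary: where `/usr/bin/Xorg` is only a small launcher, the setuid bit, if any, sits on the file it starts.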