https://www.bleepingcomputer.com/news/s ... d-systems/
Is Porteus affected? And what could we do to fix this and probably more security issues in future?
Trivial Bug in X.Org Gives Root Permission on Linux
- fanthom
- Moderator Team
- Posts: 5667
- Joined: 28 Dec 2010, 02:42
- Distribution: Porteus Kiosk
- Location: Poland
You need to upgrade xorg-server to version 1.20.3:
https://bugs.gentoo.org/669588#c0
slackware current has it already:
ftp://ftp.osuosl.org/pub/slackware/slac ... ngeLog.txt
Please add [Solved] to your thread title if the solution was found.
-
- Full of knowledge
- Posts: 2075
- Joined: 17 Jun 2013, 13:17
- Distribution: Porteus 3.2.2 XFCE 32bit
- Location: Germany
Imo, not so critical as it sounds (using porteus), but I could be wrong here.
Prerequisite for the attack is an X.org server running with setuid root.
If this is set for the X server, it can be started as a normal user,
but runs with root privileges.
An attacker also needs console access on the affected computer.
He must either be logged in with a service like SSH or locally on the computer.
With the X.org version 1.20.3 the problems were solved.
Porteus 4.0
...no s bit set....
Code:
guest@porteus:~$ ls -lh /usr/bin/Xorg
-rwxr-xr-x 1 root root 273 Dec 23 2017
btw
porteus 3.2.2 has Xorg 1.18.3...
It has been present in xorg-server since version 1.19.0
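
The following is an added example, not code from either poster. It is a shell check that applies the two conditions given in the thread: Xorg is setuid root, and the xorg-server version is at least 1.19.0 and below 1.20.3. The function names and the two extra candidate paths are assumptions; only /usr/bin/Xorg appears in the thread.

```sh
#!/bin/sh
# Added example, not from the thread. Conditions used (from the posts above):
# Xorg is setuid root, and xorg-server is >= 1.19.0 and < 1.20.3.

# ver_to_int X.Y.Z -> one integer so versions compare numerically.
ver_to_int() {
    echo "$1" | awk -F. '{ printf "%d\n", $1 * 1000000 + $2 * 1000 + $3 }'
}

in_affected_range() {
    v=$(ver_to_int "$1")
    [ "$v" -ge "$(ver_to_int 1.19.0)" ] && [ "$v" -lt "$(ver_to_int 1.20.3)" ]
}

# assess MODE OWNER VERSION, where MODE is the first column of `ls -l`.
assess() {
    case $1 in
        ???[sS]*) ;;                          # 4th character s/S = setuid bit
        *) echo "not-setuid"; return 0 ;;
    esac
    [ "$2" = root ] || { echo "setuid-not-root"; return 0; }
    [ -n "$3" ] || { echo "setuid-root-version-unknown"; return 0; }
    if in_affected_range "$3"; then
        echo "exposed"
    else
        echo "setuid-root-outside-affected-range"
    fi
}

check_xorg() {
    [ -f "$1" ] || return 0
    # -L follows a symlink so the mode shown is the target's.
    mode=$(ls -ldL "$1" | awk '{ print $1 }')
    owner=$(ls -ldL "$1" | awk '{ print $3 }')
    # `Xorg -version` prints e.g. "X.Org X Server 1.20.3" on stderr.
    ver=$("$1" -version 2>&1 | sed -n 's/^X\.Org X Server \([0-9.]*\).*/\1/p' | head -n 1)
    echo "$1: mode=$mode owner=$owner version=${ver:-?} -> $(assess "$mode" "$owner" "$ver")"
}

# Candidate paths are assumptions; /usr/bin/Xorg may be a small wrapper
# around the real server binary, so check the other locations too.
for p in /usr/bin/Xorg /usr/libexec/Xorg /usr/lib/xorg/Xorg; do
    check_xorg "$p"
done
```

Only the "exposed" result meets both conditions from the thread; "setuid-root-version-unknown" means the version has to be read from the package manager instead.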