Entreprise d'experts en Sécurité Informatique : Audits et conseils en cybersécurité
Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2018-14665

Description

A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.

POC

Reference

- http://packetstormsecurity.com/files/154942/Xorg-X11-Server-SUID-modulepath-Privilege-Escalation.html

- http://packetstormsecurity.com/files/155276/Xorg-X11-Server-Local-Privilege-Escalation.html

- https://www.exploit-db.com/exploits/45697/

- https://www.exploit-db.com/exploits/45742/

- https://www.exploit-db.com/exploits/45832/

- https://www.exploit-db.com/exploits/45908/

- https://www.exploit-db.com/exploits/45922/

- https://www.exploit-db.com/exploits/45938/

- https://www.exploit-db.com/exploits/46142/

Github

- https://github.com/0xT11/CVE-POC

- https://github.com/0xdea/exploits

- https://github.com/1o24er/RedTeam

- https://github.com/ARPSyndicate/cvemon

- https://github.com/Al1ex/APT-GUID

- https://github.com/Al1ex/Red-Team

- https://github.com/Aneesh-Satla/Linux-Kernel-Exploitation-Suggester

- https://github.com/Apri1y/Red-Team-links

- https://github.com/Blacloud226/sao

- https://github.com/Echocipher/Resource-list

- https://github.com/Ondrik8/RED-Team

- https://github.com/anoaghost/Localroot_Compile

- https://github.com/bolonobolo/CVE-2018-14665

- https://github.com/chorankates/Help

- https://github.com/chorankates/Irked

- https://github.com/dk47os3r/hongduiziliao

- https://github.com/ethical-h-khdira/Reporting

- https://github.com/go-bi/go-bi-soft

- https://github.com/hackerhouse-opensource/exploits

- https://github.com/hasee2018/Safety-net-information

- https://github.com/hudunkey/Red-Team-links

- https://github.com/jas502n/CVE-2018-14665

- https://github.com/jm33-m0/go-lpe

- https://github.com/john-80/-007

- https://github.com/jondonas/linux-exploit-suggester-2

- https://github.com/landscape2024/RedTeam

- https://github.com/lnick2023/nicenice

- https://github.com/lp008/Hack-readme

- https://github.com/nobiusmallyu/kehai

- https://github.com/qazbnm456/awesome-cve-poc

- https://github.com/slimdaddy/RedTeam

- https://github.com/svbjdbk123/-

- https://github.com/swignore/linpeas

- https://github.com/twensoo/PersistentThreat

- https://github.com/xbl3/awesome-cve-poc_qazbnm456

- https://github.com/xiaoZ-hc/redtool

- https://github.com/yut0u/RedTeam-BlackBox