Executive Summary

Summary
Title X.Org X server vulnerability
Information
Name USN-3802-1 First vendor Publication 2018-10-26
Vendor Ubuntu Last vendor Modification 2018-10-26
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
Impact SubScore NA Temporal Score NA
Exploitability Sub Score NA

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 7.2 Attack Range Local
Cvss Impact Score 10 Attack Complexity Low
Cvss Exploit Score 3.9 Authentication None Required

Detail

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

X.Org X server could be made to overwrite files as the administrator.

Software Description:
- xorg-server: X.Org X11 server
- xorg-server-hwe-16.04: X.Org X11 server

Details:

Narendra Shinde discovered that the X.Org X server incorrectly handled certain command line parameters when running as root with the legacy wrapper. When certain graphics drivers are being used, a local attacker could possibly use this issue to overwrite arbitrary files and escalate privileges.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10:
xserver-xorg-core 2:1.20.1-3ubuntu2.1

Ubuntu 18.04 LTS:
xserver-xorg-core 2:1.19.6-1ubuntu4.2

Ubuntu 16.04 LTS:
xserver-xorg-core-hwe-16.04 2:1.19.6-1ubuntu4.1~16.04.2

After a standard system update you need to reboot your computer to make all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3802-1
CVE-2018-14665

Package Information:
https://launchpad.net/ubuntu/+source/xorg-server/2:1.20.1-3ubuntu2.1
https://launchpad.net/ubuntu/+source/xorg-server/2:1.19.6-1ubuntu4.2

https://launchpad.net/ubuntu/+source/xorg-server-hwe-16.04/2:1.19.6-1ubuntu4.1~16.04.2

Original Source

Url : http://www.ubuntu.com/usn/USN-3802-1

CPE : Common Platform Enumeration

Type Description Count
Application 170
Os 3
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1

Nessus® Vulnerability Scanner

Date Description
2019-01-03 Name : The remote Fedora host is missing a security update.
File : fedora_2018-4ab08fedd6.nasl - Type : ACT_GATHER_INFO
2019-01-03 Name : The remote Fedora host is missing a security update.
File : fedora_2018-839720583a.nasl - Type : ACT_GATHER_INFO
2018-12-13 Name : The remote AIX host is missing a security patch.
File : aix_IJ11000.nasl - Type : ACT_GATHER_INFO
2018-12-13 Name : The remote AIX host is missing a security patch.
File : aix_IJ11544.nasl - Type : ACT_GATHER_INFO
2018-12-13 Name : The remote AIX host is missing a security patch.
File : aix_IJ11545.nasl - Type : ACT_GATHER_INFO
2018-12-13 Name : The remote AIX host is missing a security patch.
File : aix_IJ11546.nasl - Type : ACT_GATHER_INFO
2018-12-13 Name : The remote AIX host is missing a security patch.
File : aix_IJ11547.nasl - Type : ACT_GATHER_INFO
2018-12-13 Name : The remote AIX host is missing a security patch.
File : aix_IJ11549.nasl - Type : ACT_GATHER_INFO
2018-12-13 Name : The remote AIX host is missing a security patch.
File : aix_IJ11550.nasl - Type : ACT_GATHER_INFO
2018-12-13 Name : The remote AIX host is missing a security patch.
File : aix_IJ11551.nasl - Type : ACT_GATHER_INFO
2018-11-16 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2018-3410.nasl - Type : ACT_GATHER_INFO
2018-10-31 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201810-09.nasl - Type : ACT_GATHER_INFO
2018-10-29 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-4328.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2019-01-24 21:21:41
  • Multiple Updates
2018-10-26 17:19:12
  • First insertion