Almost all Linux and BSD variants that utilize the X.Org server package contain a vulnerability, security researchers recently disclosed. This flaw could allow an attacker with limited privileges to elevate privileges and gain root system access, either using a terminal or SSH session.
Typically, if a vulnerable version of X.Org runs on a system with root access, it can be exploited by normal logged-in users to gain administrator-level control over a computer. This could also allow an attacker to access files in a targeted computer, install spyware and perform many more malicious activities.
However, the vulnerability cannot be used to break into secure systems that do not run on root privileges. For example, some of the Linux distros, such as CentOS, which does not use X.Org with root privileges, remain safe from the potential attacks.
According to security researcher Narendra Shinde, the vulnerability is more than two years old and has existed since May 2016. It was located in the X.Org server package.
X.Org is a core graphics and windowing technology that is used by many famous KDE and GNOME desktop interface suites. This features also exist in all major Linux and BSD operating systems, with a Windows-based interface.
The vulnerability has been assigned as CVE-2018-14665 and was caused due to improper handling of two command-line options, namely -logfile and -modulepath. This allows an attacker to perform malicious operations. While the -logfile switch can be used to overwrite the shadow password file on a vulnerable computer, the -modulepath command line switch can be used to inject malicious codes into the root privileged X.Org process.
Distros like Red Hat Enterprise Linux, Fedora, CentOS, Debian, Ubuntu, and OpenBSD have already confirmed abouot being affected by the vulnerability. Experts also estimate that many other smaller packages have also been affected as well, ZDNet reported.
X.Org has issued a security advisory explaining why the vulnerability is not present across many other operating system distributions. X.Org Foundation developers also released a fix for the vulnerability in a newer version of X.Org Server 1.20.3, addressing this issue. The fix likely disables support for the two affected command-line arguments, if the X.Org Server package runs with root privileges.
"An attacker can literally take over impacted systems with 3 commands or less,” Matthew Hickey, co-founder, and director at Hacker House, a UK based cybersecurity firm, said in a tweet.