ArchLinux: 201810-15: xorg-server: privilege escalation
Summary
Incorrect command-line parameter validation in the Xorg X server can
lead to privilege elevation and/or arbitrary files overwrite, when the
X server is installed with the setuid bit set and unprivileged users
have the ability to log in to the system via physical console.
The -modulepath argument can be used to specify an insecure path to
modules that are going to be loaded in the X server, allowing to
execute unprivileged code in the privileged process.
The -logfile argument can be used to overwrite arbitrary files in the
file system, due to incorrect checks in the parsing of the option.
Resolution
Upgrade to 1.20.3-1.
# pacman -Syu "xorg-server>=1.20.3-1"
The problem has been fixed upstream in version 1.20.3.
References
https://gitlab.freedesktop.org/xorg/xserver/-/commit/50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e https://gitlab.freedesktop.org/xorg/xserver/-/commit/032b1d79b7 https://www.openwall.com/lists/oss-security/2018/10/25/1 https://security.archlinux.org/CVE-2018-14665
Workaround
None.