module
Xorg X11 Server SUID modulepath Privilege Escalation
| Disclosed | Created |
|---|---|
| 2018-10-25 | 2019-10-23 |
Disclosed
2018-10-25
Created
2019-10-23
Description
This module attempts to gain root privileges with SUID Xorg X11 server
versions 1.19.0
A permission check flaw exists for -modulepath and -logfile options when
starting Xorg. This allows unprivileged users that can start the server
the ability to elevate privileges and run arbitrary code under root
privileges.
This module has been tested with CentOS 7 (1708).
CentOS default install will require console auth for the users session.
Xorg must have SUID permissions and may not start if running.
On successful exploitation artifacts will be created consistant
with starting Xorg.
versions 1.19.0
A permission check flaw exists for -modulepath and -logfile options when
starting Xorg. This allows unprivileged users that can start the server
the ability to elevate privileges and run arbitrary code under root
privileges.
This module has been tested with CentOS 7 (1708).
CentOS default install will require console auth for the users session.
Xorg must have SUID permissions and may not start if running.
On successful exploitation artifacts will be created consistant
with starting Xorg.
Authors
Narendra Shinde
Aaron Ringo
Aaron Ringo
Platform
Linux,Solaris,Unix
Architectures
x86, x64
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.