Rapid7 Vulnerability & Exploit Database

Xorg X11 Server SUID modulepath Privilege Escalation

Back to Search

Xorg X11 Server SUID modulepath Privilege Escalation



This module attempts to gain root privileges with SUID Xorg X11 server versions 1.19.0 < 1.20.3. A permission check flaw exists for -modulepath and -logfile options when starting Xorg. This allows unprivileged users that can start the server the ability to elevate privileges and run arbitrary code under root privileges. This module has been tested with CentOS 7 (1708). CentOS default install will require console auth for the users session. Xorg must have SUID permissions and may not start if running. On successful exploitation artifacts will be created consistant with starting Xorg.


  • Narendra Shinde
  • Aaron Ringo




x86, x64


Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/multi/local/xorg_x11_suid_server_modulepath
msf exploit(xorg_x11_suid_server_modulepath) > show targets
msf exploit(xorg_x11_suid_server_modulepath) > set TARGET < target-id >
msf exploit(xorg_x11_suid_server_modulepath) > show options
    ...show and set options...
msf exploit(xorg_x11_suid_server_modulepath) > exploit

Time is precious, so I don’t want to do something manually that I can automate. Leveraging the Metasploit Framework when automating any task keeps us from having to re-create the wheel as we can use the existing libraries and focus our efforts where it matters.

– Jim O’Gorman | President, Offensive Security