[Oct 27, 2018]
An Indian security researcher has discovered a highly critical flaw in the X.Org Server package that impacts OpenBSD and most Linux distributions, including Debian, Ubuntu, CentOS, Red Hat, and Fedora.
The Xorg X server is a popular open-source implementation of the X11 system (display server) that offers a graphical environment to a wide range of hardware and OS platforms. It serves as an intermediary between client and user applications to manage graphical displays.
According to a blog post published by software security engineer Narendra Shinde, Xorg X server doesn’t correctly handle and validate arguments for at least two command-line parameters, allowing a low-privileged user to execute malicious code and overwrite any file—including files owned by privileged users like root.
Cyber Security Tips:
– The X.Org Foundation has now released X.Org Server version 1.20.3 with security patches to address the issue.
– Popular distributions like OpenBSD, Debian, Ubuntu, CentOS, Red Hat, and Fedora have published advisories confirming the issue and are working on patch updates.