New security hole affects Linux and BSD distros

The flaw found in X.Org Server and it allowed (yes, in the very past) that the attacker could get limited access to the system that could be via the terminal locally or in an SSH session remotely, thus being able to change the permissions and get the Root mode.

The vulnerability is not in the bad-as-it-gets category of flaws, and it also doesn't worry about well-planned, high-security computers, but a small slip can quickly turn something into a terrifying hack, Catalin Cimpanu comments .

A security consultant heard by ZDNet, Narendra Shinde, warned that such a flaw was pointed out in his May 2016 report and that the ZDNet package X.Org Server contained this vulnerability that could give attackers root privileges and could alter any type of file, even the most critical to the operating system.

Such vulnerability was identified with flag CVE-2018-14665 and it was observed what could have caused such a failure. Incorrect handling of two lines of code, namely -logfile and -modulepath, would have allowed attackers to insert their malicious code. This flaw is exploited when X.Org Server runs with root privileges and is common in many distros.

Developers of X.Org Foundation They are already planning to release a fix for X.Org 1.20.3 and thus fix these problems caused by these two lines.

Distributions as Red Hat Enterprise Linux, Fedora, CentOS, Debian, Ubuntu and Openbsd have already been confirmed as impacted, and other smaller projects are also affected.

Security updates that contain the package fix the X.Org Server vulnerability should be deployed in the next hours and days. At the Linux Mint and in Ubuntu The fix has already been released and confirmed by our team, just update your system, the same, possibly can be said of the others, check your updates.

This shows that Linux and BSD They are not saved from crashes and slips like this, and thus showing that these operating systems are not unbeatable, but nonetheless are robust and secure alternatives to Windows systems. Problems like this one at once again demonstrate the importance of actively developing alternatives like Wayland.

Hope to see you next, big hug.


See an error or would you like to add any suggestions to this article? Collaborate, click here.