Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
X.Org X Window Server本地权限提升漏洞
Vulnerability Description
Xorg X Server是Solaris x86平台上可用的X窗口系统显示服务器之一。 Xorg X Server实现上存在设计错误,本地攻击者可能利用此漏洞提升自己的权限。 在解析参数时,X Server检查了只有root用户才可以传送-modulepath和-logfile选项。这两个选项分别用于判断模块加载和日志文件的位置,正常情况下非特权用户无法更改这些位置。但上述检查只测试了geteuid函数的地址而不是函数结果本身,因此如果geteuid()的地址不是0的话,非特权用户就可以以root权限在
CVSS Information
N/A
Vulnerability Type
N/A