### [CVE-2018-14665](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14665) ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges. ### POC #### Reference - http://packetstormsecurity.com/files/154942/Xorg-X11-Server-SUID-modulepath-Privilege-Escalation.html - http://packetstormsecurity.com/files/154942/Xorg-X11-Server-SUID-modulepath-Privilege-Escalation.html - http://packetstormsecurity.com/files/155276/Xorg-X11-Server-Local-Privilege-Escalation.html - http://packetstormsecurity.com/files/155276/Xorg-X11-Server-Local-Privilege-Escalation.html - https://www.exploit-db.com/exploits/45697/ - https://www.exploit-db.com/exploits/45697/ - https://www.exploit-db.com/exploits/45742/ - https://www.exploit-db.com/exploits/45742/ - https://www.exploit-db.com/exploits/45832/ - https://www.exploit-db.com/exploits/45832/ - https://www.exploit-db.com/exploits/45908/ - https://www.exploit-db.com/exploits/45908/ - https://www.exploit-db.com/exploits/45922/ - https://www.exploit-db.com/exploits/45922/ - https://www.exploit-db.com/exploits/45938/ - https://www.exploit-db.com/exploits/45938/ - https://www.exploit-db.com/exploits/46142/ - https://www.exploit-db.com/exploits/46142/ #### Github - https://github.com/0xT11/CVE-POC - https://github.com/0xdea/exploits - https://github.com/1o24er/RedTeam - https://github.com/ARPSyndicate/cvemon - https://github.com/Al1ex/APT-GUID - https://github.com/Al1ex/Red-Team - https://github.com/Aneesh-Satla/Linux-Kernel-Exploitation-Suggester - https://github.com/Apri1y/Red-Team-links - https://github.com/Echocipher/Resource-list - https://github.com/Ondrik8/RED-Team - https://github.com/anoaghost/Localroot_Compile - https://github.com/bolonobolo/CVE-2018-14665 - https://github.com/chorankates/Help - https://github.com/chorankates/Irked - https://github.com/dk47os3r/hongduiziliao - https://github.com/ethical-h-khdira/Reporting - https://github.com/go-bi/go-bi-soft - https://github.com/hackerhouse-opensource/exploits - https://github.com/hasee2018/Safety-net-information - https://github.com/hudunkey/Red-Team-links - https://github.com/jas502n/CVE-2018-14665 - https://github.com/jm33-m0/go-lpe - https://github.com/john-80/-007 - https://github.com/jondonas/linux-exploit-suggester-2 - https://github.com/landscape2024/RedTeam - https://github.com/lnick2023/nicenice - https://github.com/lp008/Hack-readme - https://github.com/nobiusmallyu/kehai - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/slimdaddy/RedTeam - https://github.com/svbjdbk123/- - https://github.com/twensoo/PersistentThreat - https://github.com/xbl3/awesome-cve-poc_qazbnm456 - https://github.com/xiaoZ-hc/redtool - https://github.com/yut0u/RedTeam-BlackBox