Check your xorg version number.
Niclas Zeising
zeising at freebsd.org
Fri Oct 26 07:05:40 UTC 2018
On 10/26/18 5:47 AM, Pete Wright wrote:
>
> On 10/25/18 7:19 PM, Gladiola via freebsd-x11 wrote:
>> Maintainers:
>>
>> https://twitter.com/hackerfantastic/status/1055555359060807680?s=19
>>
>> https://nvd.nist.gov/vuln/detail/CVE-2018-14685
>
> that CVE entry seems to correspond to a PHP issue unless I'm missing
> something.
>
> perhaps this is what you are referring to:
> https://lists.x.org/archives/xorg-announce/2018-October/002927.html
>
> yea this is really not a good thing, although I believe we are
> accidentally OK since we are not running xorg-1.19.x yet in the ports tree:
>
> "Privilege escalation and file overwrite in X.Org X server 1.19 and later"
>
> regardless of that line I believe others on this list are looking
> closely into this regardless.
>
Hi!
The FreeBSD Xorg X server is not vulnerable. We are running a version
from before the code in question was introduced. I did a simple test and
was not able to exploit it (the exploit is fairly easy to set up).
More information and a PoC can be found here, so that you can test for
yourselves.
https://www.securepatterns.com/2018/10/cve-2018-14665-xorg-x-server.html
Regards
--
Niclas Zeising
FreeBSD X11/Graphics team