WELCOME

There are many more vulnerabilities in the software that could

May 15, 2017 by Lena Webb

There are many more vulnerabilities in the software that could be exploited by attackers, according to security researchers Cinéléa Toduro and Jérôme Désalvo.

One of them is CVE-2016-1222, an open-source version of the X.org server that is being used by Linux security researchers in the United States. As part of its annual analysis of Linux-based software vulnerabilities, OS security researchers have been following the exploits of several major major OSes, including Ubuntu, Debian, and CentOS, and identifying the source code of several other vulnerable OSes. These patches have been distributed for a variety of OSes.

"We have discovered that the main reason users can elevate the privilege of their OpenBSD installations to an untrusted user is because of the vulnerability in the X.org server," said Désalvo. "We have also discovered that users can escalate user privileges of their operating systems to untrusted users because of the vulnerability in the X.org server."

The vulnerability is not unique to the Linux kernel, which is vulnerable to a similar exploit in the popular OpenBSD kernel. The vulnerability can also be used by malicious software to access certain files. The vulnerability can also be exploited by using a program called X.Org Manjaro, which lets remote attackers to execute arbitrary code with information from an unprivileged root user.

Déalvo said the bug in a file that handles data generated by the X.org server is exploitable because it has two key pieces of information: the X.org server's IP address and the file name. These key pieces are not unique to the OpenBSD kernel, which is vulnerable to a similar vulnerability in the X.org server.

“It is possible to elevate unprivileged privileges by running X.org in a non-secure environment.‡