An Indian security researcher has discovered a highly critical flaw in X.Org Server package that impacts OpenBSD and most Linux distributions, including Debian, Ubuntu, CentOS, Red Hat, and Fedora.
Xorg X server is a popular open-source implementation of the X11 system (display server) that offers a graphical environment to a wider range of hardware and OS platforms. It serves as an intermediary between client and user applications to manage graphical displays.
According to a blog post published by software security engineer Narendra Shinde, Xorg X server doesn’t correctly handle and validate arguments for at least two command-line parameters, allowing a low-privileged user to execute malicious code and overwrite any file—including files owned by privileged users like root.
images from Hacker News