SA-1997.02.txt
Subject: Caldera Security Advisory 97.02: Vulnerability in X11 SuperProbe
Caldera Security Advisory SA-97.02
March 5th, 1997
Topic: Vulnerability in X11 SuperProbe
I. Problem Description
A vulnerability exists in the SuperProbe utility included in XFree86
that allows arbitrary individuals to obtain root access on systems
where the utility is installed. Local shell access is required to
exploit this vulnerability. An exploit program does exist.
II. Impact
An unprivileged user can obtain root access.

Caldera systems affected:
    Caldera Network Desktop 1.0
    Caldera OpenLinux Base 1.0 (BETA)

Caldera systems NOT affected:
    Caldera OpenLinux Base 1.0
    Caldera OpenLinux Standard 1.1
III. Solution
Simply remove the SUID root bit from SuperProbe:
    chmod ug-s /usr/X11R6/bin/SuperProbe
SuperProbe does not need to be SUID root and should simply
be executed as the root user.
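
The fix above can be applied with a check before and after, so the result is verified rather than assumed. This is an added example, not part of the Caldera advisory; the function names has_sbits and strip_sbits are hypothetical, and the default path is the one given in the advisory.

```shell
#!/bin/sh
# Added example: audit and remove the SUID/SGID bits on SuperProbe,
# then verify that the change took effect.
# Default path is the one named in the advisory; override with $1.

# has_sbits FILE: succeeds if FILE has the set-user-ID or set-group-ID bit.
has_sbits() {
    [ -u "$1" ] || [ -g "$1" ]
}

# strip_sbits FILE: apply "chmod ug-s" and confirm the bits are gone.
# Returns 0 if FILE is clean afterwards, 1 if bits remain or chmod
# failed, 2 if FILE does not exist, 3 if FILE is a symbolic link.
strip_sbits() {
    f="$1"
    if [ -L "$f" ]; then
        # chmod follows symlinks; make the operator fix the real file.
        echo "$f: is a symbolic link, refusing to modify its target"
        return 3
    fi
    if [ ! -e "$f" ]; then
        echo "$f: not present, nothing to do"
        return 2
    fi
    if has_sbits "$f"; then
        echo "before: $(ls -l "$f")"
        chmod ug-s "$f" || return 1
    fi
    if has_sbits "$f"; then
        echo "$f: SUID/SGID bit still set"
        return 1
    fi
    echo "after:  $(ls -l "$f")"
    return 0
}

# Run only when a path is passed, e.g.:
#   sh fix-superprobe.sh /usr/X11R6/bin/SuperProbe
if [ "$#" -gt 0 ]; then
    strip_sbits "$1"
fi
```
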
IV. References
This and other Caldera security resources are located at:
http://www.caldera.com/tech-ref/security/