Subject: Caldera Security Advisory 97.02: Vulnerability in X11 SuperProbe

Caldera Security Advisory SA-97.02
March 5th, 1997

Topic: Vulnerability in X11 SuperProbe

I. Problem Description

	A vulnerability exists in the SuperProbe utility included in XFree86
	that will allow arbitrary individuals to obtain root access to servers
	running these servers.  Local shell access is required to exploit this
	vulnerability.  An exploit program does exist.

II. Impact

	An unprivileged user can obtain root access.  Caldera systems
	affected:
		Caldera Network Desktop 1.0
		Caldera OpenLinux Base 1.0 (BETA)

	Caldera systems NOT affected:
		Caldera OpenLinux Base 1.0
		Caldera OpenLinux Standard 1.1

III. Solution

	Simply remove the SUID root bit from SuperProbe:

		chmod ug-s /usr/X11R6/bin/SuperProbe

	SuperProbe does not need to be SUID root and should simply
	be executed as the root user.

IV. References

	This and other Caldera security resources are located at:

		http://www.caldera.com/tech-ref/security/