Subject: Caldera Security Advisory 97.02: Vulnerability in X11 SuperProbe

Caldera Security Advisory SA-97.02
March 5th, 1997

Topic: Vulnerability in X11 SuperProbe

I. Problem Description

   A vulnerability exists in the SuperProbe utility included in
   XFree86 that will allow arbitrary individuals to obtain root
   access to systems on which it is installed. Local shell access
   is required to exploit this vulnerability. An exploit program
   does exist.

II. Impact

   An unprivileged user can obtain root access.

   Caldera systems affected:

      Caldera Network Desktop 1.0
      Caldera OpenLinux Base 1.0 (BETA)

   Caldera systems NOT affected:

      Caldera OpenLinux Base 1.0
      Caldera OpenLinux Standard 1.1

III. Solution

   Simply remove the SUID root bit from SuperProbe:

      chmod ug-s /usr/X11R6/bin/SuperProbe

   SuperProbe does not need to be SUID root and should simply be
   executed as the root user.

IV. References

   This and other Caldera security resources are located at:

      http://www.caldera.com/tech-ref/security/
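
Added example (not part of the Caldera advisory): a shell sketch that applies the Solution above and verifies the result, reporting whether the SUID or SGID bit was present beforehand. The function names suid_state and harden_superprobe are hypothetical; the path is the one given in the advisory.

```shell
#!/bin/sh
# Added example: audit and clear the setuid/setgid bits on SuperProbe.
# Default path is the one from the advisory; pass another path to override.
SUPERPROBE_PATH="/usr/X11R6/bin/SuperProbe"

# Print "setuid", "setgid", "setuid setgid" or "clean" for a file.
suid_state() {
    f=$1
    state=""
    [ -u "$f" ] && state="setuid"
    [ -g "$f" ] && state="${state:+$state }setgid"
    printf '%s\n' "${state:-clean}"
}

# Apply the advisory's fix (chmod ug-s) and confirm it took effect.
# Returns 0 if the file is clean afterwards, 1 if bits remain,
# 2 if the path is missing, a symlink, or not a regular file.
harden_superprobe() {
    f=${1:-$SUPERPROBE_PATH}
    # chmod follows symlinks, so refuse them rather than change a
    # different file than the one named.
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "skip: $f is not a regular file" >&2
        return 2
    fi
    before=$(suid_state "$f")
    if [ "$before" = "clean" ]; then
        echo "ok: $f has no setuid/setgid bit"
        return 0
    fi
    echo "found: $f is $before; clearing"
    chmod ug-s "$f" || return 1
    after=$(suid_state "$f")
    [ "$after" = "clean" ] || { echo "FAILED: $f is still $after" >&2; return 1; }
    echo "fixed: $f"
}
```

Source the file and run harden_superprobe as root; a return status of 0 means the binary no longer carries either bit.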