vendor:
SuperProbe
by:
Solar Designer
7.2
CVSS
HIGH
Buffer Overflow
120
CWE
Product Name: SuperProbe
Affected Version From: Slackware Linux 3.1
Affected Version To: Slackware Linux 3.1
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
1997
SuperProbe buffer overflow exploit for Linux
SuperProbe is an program supplied with XFree86 that helps determine video hardware. It is shipped with Slackware Linux 3.1 and is installed setuid root. There is an exploitable strcpy buffer overflow in the TestChip() function which allows for a trivial local root compromise.
Mitigation:
Disable SuperProbe or remove the setuid bit from the program.