Slashdot Mirror
CUPS Security Vulnerabilities
Buck Naked writes "A slew of vulnerabilities was discovered in CUPS, from the advisory: 'Exploitation of multiple CUPS vulnerabilities allow local and remote attackers in the worst of the scenarios to gain root privileges...' The full advisory can be found at iDEFENSE."
Its a good thing most new users can't setup CUPS and just disable ;)
Until RedHat 8 came out that is!
I sure am glad I removed CUPS from my mom's debian box before I moved out last week (and took my firewall with me). I still think printing is the worst thing about unix in general (and about GNOME in particular...), but CUPS was relatively easy to set up. Sounds like it needs a serious security audit, though.
... do I use this ... uh ... no.
OK, I'm done.
Wish Windoze security updates were this easy......
I rarely read replies, it's my opinion and if you thought about your opinion a little more, I'm OK with that.
It appears that a vulnerability has been found whereby a malicious user can covertly attach a second string to the midsection of the two originating CUPS and 'tap' into the communication between CUP "A" and CUP "B".
Furthermore, said user can attach a third CUP to the end of his/her string and receive a secondary branch off of all data vibrating bwteen the two original CUPS.
Saavy users can then vocally mimic the voice data being picked up and assume the identity of either CUP "A" or CUP "B".
Agency around the world have been placed on full alert as they scramble for a patch to this unforseen security hole!
Never try to beat a professional at his own game!
Couldn't I have seen this just TWO HOURS AGO while I was still at work, and not now when my holidays have officially started? Well, it's not like I didn't expect to be working occasionally during my holiday anyway. A sysadmin's work is never done ...
I say again - damn. It a little blissful ignorance over the festive season too much to ask these days?
Wasting your time since 1997.
CUPS have always had known vulnerabilities; they need them to operate effectively. What do you expect when you have a giant hole on one end of the things? But if you plug up the hole, you can't drink out of them. Thus, CUPS will always be vulnerable.
I use CUPS too but it's not always neat; I haven't been able to fix the spilling bug that always occurs if I am using CUPS to transfer red wine or coffee while wearing white.
OK, OK, I'll stop....
Good thing I use MUGS.
I mean what use is a CUP with a HOLE in it?
The first thing that came to my mind was the silly game Chandler and Joey played on Friends, when I read about CUPS. :)
It's also idiot proof.
They should put a warning on Linux and Unix in general that says, "If you are an idiot, don't even think about installing this. This is meant for people who have half a mind, and actually understand what they want from their computer."
Go back to buying sub-par point-and-print bullshit.
"Exploitation of multiple CUPS vulnerabilities"
Sounds more like a description of senior prom night