CUPS Security Vulnerabilities
Buck Naked writes "A slew of vulnerabilities was discovered in CUPS, from the advisory: 'Exploitation of multiple CUPS vulnerabilities allow local and remote attackers in the worst of the scenarios to gain root privileges...' The full advisory can be found at iDEFENSE."
I sure am glad I removed CUPS from my mom's debian box before I moved out last week (and took my firewall with me). I still think printing is the worst thing about unix in general (and about GNOME in particular...), but CUPS was relatively easy to set up. Sounds like it needs a serious security audit, though.
... do I use this ... uh ... no.
OK, I'm done.
Wish Windoze security updates were this easy......
I rarely read replies, it's my opinion and if you thought about your opinion a little more, I'm OK with that.
It appears that a vulnerability has been found whereby a malicious user can covertly attach a second string to the midsection of the two originating CUPS and 'tap' into the communication between CUP "A" and CUP "B".
Furthermore, said user can attach a third CUP to the end of his/her string and receive a secondary branch off of all data vibrating bwteen the two original CUPS.
Saavy users can then vocally mimic the voice data being picked up and assume the identity of either CUP "A" or CUP "B".
Agency around the world have been placed on full alert as they scramble for a patch to this unforseen security hole!
Never try to beat a professional at his own game!
CUPS have always had known vulnerabilities; they need them to operate effectively. What do you expect when you have a giant hole on one end of the things? But if you plug up the hole, you can't drink out of them. Thus, CUPS will always be vulnerable.
Good thing I use MUGS.
I mean what use is a CUP with a HOLE in it?
The first thing that came to my mind was the silly game Chandler and Joey played on Friends, when I read about CUPS. :)