Slashdot Mirror

← Back to Stories (view on slashdot.org)

CUPS Security Vulnerabilities

Posted by CowboyNeal on from the leaving-the-door-open dept.

Buck Naked writes "A slew of vulnerabilities was discovered in CUPS, from the advisory: 'Exploitation of multiple CUPS vulnerabilities allow local and remote attackers in the worst of the scenarios to gain root privileges...' The full advisory can be found at iDEFENSE."

5 of 155 comments (clear)

  1. Patches out, you can relax by Erore · · Score: 5, Informative

    http://www.cups.org/news.php?V87

    Whew, I feel much safer now. It's always nice that someone feels ownership for the code, thus that someone takes quick action and fixes the problems. Thank you Michael Sweet for a great print system and quick action.

  2. Vendor notes... by Anonymous Coward · · Score: 5, Informative


    Michael Sweet [mike@easysw.com] of Easy Software Products said CUPS 1.1.18 will be released December 19, 2002 which addresses all of these issues (http://www.cups.org).

    Mark J Cox (mjc@redhat.com) of Red Hat said the following:

    "Red Hat Linux 7.3 and 8.0 ship with CUPS, however it is not enabled by default. We are currently working on producing erratum packages. When complete, these will be available along with our advisory. At the same time, users of the Red Hat Network will be able to update their systems
    using the 'up2date' tool."

    Richard Blanchard (rblanchard@apple.com) of Apple said the following:

    "Affected Systems:
    Mac OS X 10.2 - Mac OS X 10.2.2
    Mac OS X Server 10.2 - Mac OS X Server 10.2.2

    Mitigating Factors:

    The described vulnerability can be remotely exploited only when Printer Sharing is enabled. Printer Sharing is not enabled by default on Mac OS X or Mac OS X Server.

    Fixed in: Mac OS X 10.2.3 and Mac OS X Server 10.2.3"

  3. Mac Users OK by mattvd · · Score: 5, Informative
    From the linked article:
    "Fixed in: Mac OS X 10.2.3 and Mac OS X Server 10.2.3"
    Apple just released 10.2.3 today.
  4. "Slew?" by printman · · Score: 5, Informative

    OK, for folks that haven't read the advisory, a "slew" is apparently 9.

    Of those 9, only *1* of the issues could possibly be used to gain root access, and it depends entirely on the CUPS release, compiler, etc. you use, and for the exploit to work remotely you have to change the default CUPS configuration.

    Issue 6 was fixed back in CUPS 1.1.15 (released in June) and is old news.

    All but one issue was fixed within a few hours of the report, and the current CUPS release (1.1.18) does not have any of these vulnerabilities.

    --
    I print, therefore I am.
  5. Re:CUPS is still the best solution by berzerke · · Score: 5, Informative

    ...why on earth would someone not be firewalling their printer?



    In addition to the firewalling, cups can also be portwalled too (see http://www.spotswood-computer.net/portwalling.html for details on this concept). Make sure it's not listening on an internet interface (which it would by default). Assuming your internal interface is 192.168.1.1, comment out the lines

    Port 80
    Port 631
    and replace them with
    Listen 192.168.1.1:631
    Listen 192.168.1.1:80
    and restart the service. Warning: The cups init.d script in Mandrake (at least) will make changes to your configuration file, resulting in cups failing to start if you make the changes listed here. Edit the script and stop it from making the changes before you restart.